Imposta come home page     Aggiungi ai preferiti

DIGITAL CONTACT TRACING IN CHINA AND IN EUROPE: Protection of users data and effectiveness of public action

di e - 11 Maggio 2020
      Stampa Stampa      

The Annex I to the Common Toolbox states that contact tracing must take place through a proximity detector app voluntarily installed by users. In practice, the app sends a Bluetooth signal (i.e. a signal that does not gather information on the position of the smartphone) to all surrounding devices that also downloaded the app[24]. The delivery of the signal leaves a trace in nearby devices by generating a random serial number. This is linked to the QR code that identifies each user. The trace of the contact between the two Bluetooth signals is stored for 14 days in the memory of the smartphones, or in a central server that should ensure anonymity. In both cases, information on the user’s location is not registered. The only information collected is the anonymized trace of the contact, which should be deleted after 14 days[25].

Whenever public authorities identify an infected user, they can notify all other users anonymously traced in the phone storage, through an automated message or phone call[26]. The exact content of the notification might vary in different Member States, but its purposes are: a) to inform the notified party that he/she entered in contact with an infected subject (no information that will allow the notified party to identify the infected contact should be provided); b) to recommend the notified person to self-isolate for 14 days; c) to establish a first contact between the notified party and public health authorities, in order to allow timely testing in case symptoms arise (this functionality discloses the identity of the contact, but is activated on a voluntary basis)[27].

In comparing the EU system outlined in the Common Toolbox with the Chinese system, three main differences stand out. First, by relying on Bluetooth technology, the European system aims at ensuring privacy by design. It can signal proximity between infected users and other individuals, without accessing their location. Once implemented, the Bluetooth-based system might prove to be just as effective in tracing contacts, although it does not allow surveillance of confirmed infected subjects. In sum, the European system adds a further layer of protection to individual privacy, while sacrificing the tracking feature of the application.

Second, the European system does not grant public authorities with the power to access individual data. This is possible regardless of whether Member States opt to implement apps that store data in the user’s smartphone or in a centralized server. In the former case, decentralized storage simply prevents public authorities from processing and analysing data. The enhanced privacy comes at the cost of depriving public authorities of big data analysis tools that could be useful in fighting against the epidemic. In the latter case, since public authorities can access the central server, user privacy is protected through anonymization. Analysis of centrally stored data must be aggregated and limited to research aimed at tracking the epidemic curve[28]. Under both data storing procedures, all information must be canceled within 14 days.

Third, in the EU system, contact tracing apps can be installed on a voluntary basis. This might severely hinder the potential of the EU contact tracing system. For digital contact tracing to be effective, apps must indeed be downloaded by at least 50% of the population[29]. It is not clear how Member States may incentivize the use of the apps, but it is unlikely that they can muster the political will and the legal tools required to produce incentives comparable with those in place in China, where showing an app-generated green code is a precondition to access a wide array of public services. At most, as the guide published for ‘Immuni’ (the app currently being tested in Italy) seems to suggest, companies that are otherwise unable to ensure safe distances between employees may impose the use of the app[30].

As a matter of fact, a complete comparative analysis between the two systems will be possible only when contact tracing is fully implemented in Europe. Nevertheless, some tentative conclusions can already be drawn. The EU Common Toolbox openly refers to contact tracing in non-EU countries, such as Singapore, but it does not mention China, where data protection does not limit government access. Quite the contrary, in the Chinese system, the government has the right to access data precisely to prevent abuse from third parties. It can therefore store, aggregate and process data from a wide range of sources, and coordinate public and private actors alike in the development of contact tracing tools. This has proven effective in developing and progressively integrating contact tracing systems on a very large scale. However, it also raises the issue of data security when sensitive personal information in the hands of the government, such citizens’ medical condition, is shared with other public and private actors[31].

Chinese internet users are increasingly standing up for their privacy in front of internet giants, but also against the risk of data leaks from government departments. In response to these concerns, Beijing has released for public comments a draft of the Data Security Management Measures (数据安全管理办法)[32], and is currently working on a Personal Data Protection Law. The Measures introduce significant provisions such as the network operators’ obligation to notify individuals of the purposes of the information collection, and not disclose, tamper with, or damage citizens’ personal information that they have collected. Nonetheless, it is still unclear how companies will be audited against the new standards, and what their effect on business operations will be. Most importantly, the question of how personal data protection can be squared with the notion of “data sovereignty”, and with far-reaching national security and social stability goals, is one that still needs to be answered.

In the EU, the system outlined in the Common Toolbox does not allow Member States to impose the use of contact tracing apps. However, according to the General Data Protection Regulation (GDPR), whenever a task is carried out in the public interest, processing personal data is lawful, and it does not necessarily require the concerned person’s consent[33]. Furthermore, while the scope of the protection offered by the GDPR is based on the notion of personal data[34], compliant apps are not able to gather information on user location, and user identity is protected through pseudonymization. Therefore, these apps do not fall within the scope of the protection provided by the GDPR. In addition, the overall structure of the app seeks privacy by design, gathers a minimal amount of data, and prevents public authorities from accessing individual information. Insisting on citizens’ voluntary participation is redundant in terms of privacy protection, but could come at the cost of the overall effectiveness of the European contact tracing system.

In recent weeks, because of the exceptional nature of the current situation, EU Member States curtailed a wide range of constitutional rights, such as freedom of movement and freedom of assembly. Compared to these extraordinary and traumatic limitations, the imposition of a tracing system in which users’ location is not recorded, and their data is anonymized, seems reasonable.

In several East Asian countries, digital contact tracing has proven a useful tool in containing the virus and in restarting the economy. This is the case not only in China, but also in democracies such as South Korea. For the first time, Europe faces the possibility that the protection of individual liberties, if rigidly interpreted, might be put at a competitive disadvantage with societies that share a higher degree of confidence in the use of digital technologies.

In the 1800s, China declined because it was unable to imagine how foreign technologies could coexist in a largely feudal and Sino-centric value-system. More in general, history shows that societies, no matter how prosperous, are at risk of declining if they cannot cope with the introduction of new technologies. In the fight against COVID-19, and in the management of public affairs more in general, Europe must embrace the use of digital technologies and shape them according to its own values.


24.  Annex I of the Common Toolbox, TF01, provides that the epidemiologically relevant distance is 1.5 meters. According to the Common Toolbox §1,2, b, i, the technical device should also keep the duration of the contact into account.

25.  Annex I of the Common Toolbox, EF01

26.  The warning can be triggered by the user, through a QR code provided by public health authorities, or by public health authorities themselves. The latter option is only possible when the centralized data storage is adopted. In any case, it is unclear whether public authorities may issue the notification without the consent of the infected person. Anonymization imposed on centralized data storage impedes connecting the infected person to the serial number identifying it. See Annex I of the Common Toolbox, EF05.

27.  see Annex I of the Common EU Toolbox EF07.

28.  Annex I of the Common EU Toolbox EF07.

29.  Common EU Toolbox, pag. 2




33.  Article 6, 1, lett. e) of the GDPR.

34.  Article 4, 1 of the GDPR defines personal data as information relating to an identified or identifiable natural person (…) in particular with regard to its name (..), location data(..).

Pagine: 1 2 3


RICERCA AVANZATA Via Arenula, 29 – 00186 Roma – Tel: + 39 06 6990561 - Fax: +39 06 699191011 – Direttore Responsabile Filippo Satta - informativa privacy