The European Commission recently issued guidelines on mobile applications supporting the fight against COVID-19 in relation to data protection. Mobile applications commonly installed on smartphones can act as a support mechanism for health authorities at the national and EU level in monitoring and managing the ongoing COVID-19 pandemic and are particularly important in easing measures to reduce the spread of the disease. They can give direct instructions to citizens and support contact tracing.
Scope of the guidelines
The European Commission's guidelines set out the elements and requirements that mobile applications should meet to ensure compliance with EU privacy and personal data protection legislation, in particular the General Data Protection Regulation (GDPR) and the ePrivacy Directive. However, these guidelines do not address any other conditions or restrictions that may be part of Member States' national law. The instructions are not legally binding. They are without prejudice to the role of the European Court of Justice as the only body that can provide a binding interpretation of EU law. The guidelines only apply to voluntary applications supporting the fight against the COVID-19 pandemic, which have one or more of the following functions:
- provide individuals with accurate information on the COVID-19 pandemic,
- provide self-assessment questionnaires and guidance for individuals (symptom assessment function),
- alert persons who have been in the vicinity of an infected person for a certain period of time in order to provide information on whether to undergo home quarantine and where to be tested (contact tracing and alert function),
- provide a communication forum between patients in self-isolation and doctors, or where advice is provided on further diagnosis and treatment (greater use of telemedicine).