France’s contact tracing strategy to combat the spread of Covid-19 has been thrown into question after the country admitted the impact of an under-development app could be limited due to privacy protections implemented by Google and Apple.
The country is the first to publicly call on the two firms to weaken their privacy protections around contact tracing in order to make a Covid-19 contact tracing app work effectively.
Speaking to Bloomberg news, digital minister Cédric O, said that while devices from the two companies can collaborate there are strict limits around the data those devices can send to public health authorities.
“We’re asking Apple to lift the technical hurdle to allow us to develop a sovereign European health solution that will be tied our health system,” he said in the interview.
If Apple and Google bow to this one they are likely to have have to do the same for any government that requests similar, sparking a debate over whether it’s tech companies or public health bodies that should have the power to make such a choice.
If the tech companies do not oblige, France’s ability to contact trace through an app – scheduled for launch on May 11 – will be significantly compromised. The apps won’t work when “backgrounded” or when the screen is locked. Google and Apple have yet to respond.
As Capacity has reported, the ongoing collection of data has caused some privacy advocates to fear that data will be used disproportionately, and industry watchers have pointed out the process could go against GDPR or even Human Rights legislation.
In late March the European Data Protection Supervisor backed plans from the European Commission and telcos’ to collect citizens’ mobile phone data to help tackle the Coronavirus.
Meanwhile in April, Capacity learned the GSMA’s membership had created guidelines to advise governments, regulators and health authorities about what is and what is not legal.
One challenge of this was that the GSMA, as a worldwide organisation, had to steer a careful path around every country’s privacy laws – ranging from very tight rules in the EU and other European countries, strictly limiting what can be done with data, to a relaxed attitude to data privacy in countries such as China and the US.