Developers seek to build COVID-19 contact-tracing app compliant with EU’s strict GDPR

Developers seek to build COVID-19 contact-tracing app compliant with EU’s strict GDPR Ryan is a senior editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be sighted at tech conferences with a strong coffee in one hand and a laptop in the other. If it's geeky, he’s probably into it. Find him on Twitter (@Gadget_Ry) or Mastodon (@gadgetry@techhub.social)


A consortium based in Switzerland is seeking to build a COVID-19 contact-tracing app compliant with the EU’s strict data protection regulation.

The EU’s GDPR (General Data Protection Regulation) divides people into two camps. To some, the regulation offers citizens necessary protection against mass data collection. To others, GDPR is a hindrance that limits innovation and leads to startups establishing and offering their services in less strict regulatory environments.

Contact-tracing, the ability to find people who’ve been in close proximity to an individual, has been a powerful tool in the fight against the COVID-19 pandemic. Countries that have been successful in containing their national outbreaks, like South Korea and Singapore, have been aided by quickly deploying contact-tracing apps.

Singapore’s TraceTogether works by using Bluetooth to detect all the other users an individual has been in close proximity to. If that individual is then diagnosed with COVID-19, the health ministry of Singapore can access the app’s log to identify all the people that person had close contact with.

In Europe, deploying such an app is far more complex due to GDPR. Despite the challenge,  the new group, named Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT), want to make a GDPR-compliant contact-tracing app.

PEPP-PT wrote in a post: “All procedures, mechanisms, standards and code at PEPP-PT is continuously monitored by our security team. In parallel, national cyber security agencies and national data protection agencies inspect all of the above line-by-line on a regular basis and sign. We have always asked and continue to motivate security activities to get in touch to review and improve our code or procedures.”

As we reported last month, Singapore is making its TraceTogether app open source to help developers around the world to build localised solutions. TraceTogether may provide a base for PEPP-PT to build a GDPR-compliant solution from.

In a manifesto (PDF), PEPP-PT highlights the urgency in developing a European contact-tracing app to avoid social and economic collapse:

“The only possibility to achieving these goals is to track physical proximity interaction and immediately isolate infected cases and quarantine their contacts.

This is the way everybody – relatively short term – can return to almost normal social and economic life.”

European countries have been among the hardest hit by the COVID-19 pandemic yet could be some of the last to deploy a vital contact-tracing app. Just last week, India launched a contact-tracing app called AarogyaSetu.

This isn’t the first time GDPR has become a hindrance in fighting the COVID-19 pandemic in Europe.

British supermarkets, for example, have been waiting for the details of 1.5 million vulnerable people isolating from coronavirus to deliver food boxes to them. However, they’ve been held up due to GDPR preventing the mass sharing of information such as people’s names, addresses, and/or emails. The UK remains subject to the bloc’s rules until the end of this year when a “transition” period ends following its Brexit decision.

Interested in hearing industry leaders discuss subjects like this? Attend the co-located 5G Expo, IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.

Tags: , , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *