German authorities were increasingly criticized on Tuesday for their misuse of a COVID contact tracing app to investigate a case.
The case illustrates the concerns expressed by data protection experts. It also plays into the hands of protest groups who fiercely oppose all pandemic brakes and express skepticism about COVID vaccinations, politicians have warned.
The incident concerns the authorities of the city of Mainz. At the end of November, a man died on his way out of a restaurant in the city, prompting the police to open a case.
While trying to locate witnesses, police and prosecutors managed to ask local health officials to release data from the Luca app, which records how long people stayed in a facility.
Authorities then contacted 21 potential witnesses based on data they had illegally acquired from the app.
Reports on the case, which were released last week, have sparked widespread outrage.
Mainz prosecutors said in a statement that they had opened an investigation and guaranteed “that the relevant data will no longer be used”.
To date, there are no other known cases in which the police have successfully obtained data from the app for investigations.
What does the app do?
The Luca app works by recording the time customers have spent in a restaurant, bar, or cultural event.
Users enter their personal information into the app. They can then scan a QR code at a restaurant or event and log out when they leave.
In the event that a person tests positive for COVID-19, local health authorities can more easily identify and alert people who may have been exposed to the virus.
Using the Luca app and other similar apps alleviated some of the paperwork for restaurants, bars, and event planners – who at the onset of the pandemic had to ask customers to write down their coordinates on pieces of paper.
The app is also subject to the strict data protection laws in Germany.
The only way to recover the data is for the local health department and the facility to both give their consent to decrypt the personal data.
Once it is no longer encrypted, only local health departments are allowed to have access to clients’ personal data. In addition, the data can only be used in the event of a continuation of a potential chain of infection.
What was the response?
The developers of the application, culture4life, have strongly criticized the actions of the authorities in Mainz.
“We condemn the abuse of Luca data collected to protect against infection,” the company said in a statement.
Culture4life added that it frequently receives requests for data from law enforcement agencies, but these requests are systematically refused.
Members of the ruling coalition in Germany, which includes Social Democrats, Greens and Free Democrats, have also expressed concern over the case.
Konstantin von Notz, a senior member of the Greens, has warned that abuse of the app could undermine public confidence and hamper efforts to stem the rise in COVID-19 cases.
“We must not let faith in digital applications, which are an important tool in the fight against COVID-19, disappear,” he said in Tuesday’s edition of Handelsblatt newspaper.
Some politicians have even called on people to remove the app from their phones – a stance strongly opposed by one of the app’s developers.
German rapper Smudo helped develop the app and is a business partner in the company, allowing his band and other musical groups to perform live again.
“I think it is irresponsible that appeals from one or two politicians – whom I had never heard of before – could prompt people in the midst of this pandemic situation to remove the Luca app,” Smudo told mass dissemination. Bild newspaper.
“Whoever hangs on the edge of a cliff isn’t just throwing a rope,” the rapper said.
rs / wmr (dpa, AFP)