Data Protection criticizes minimalism in the regulation of the STAYAWAY COVID tracking app

Data Protection criticizes minimalism in the regulation of the STAYAWAY COVID tracking app

The launch of the STAYAWAY COVID tracking app remains undated, but continues to generate controversy. The app is already being tested with a large group of users, with more than 13,000 people being contacted to install the application, and is part of a group of apps that are being used to break the transmission chains of the new coronavirus, helping to track risk contacts and advising users who have been in contact with people who tested positive for COVID-19.

But the application has been a matter of concern, partly due to the lack of transparency in its development, lack of proof of effectiveness and other doubts, which have led entities like D3 to ask questions about it. Now it was the National Data Protection Commission (CNPD) to criticize the decree-law approved by the Council of Ministers. The entity continues to affirm, after a new analysis, that the tracking app has problems that still need to be corrected, advances TSF.

CNPD states that the project is excessively minimalist in its regulation of operation and that all the concrete aspects of the processing of personal data are referred to a later definition by the Directorate-General for Health. At issue is the uncertainty about the universe of health professionals who can handle the personal data of patients inserted in the application or intervene in the system. The question of indefiniteness if only professionals from the public sector or also from the private sector can intervene, can jeopardize both the purpose and the effectiveness of the app.

Data Protection states that the approved diploma does not explain that the health professional with the competence to validate the diagnosis of COVID-19 infection is a doctor, arguing that only the class can access the system. He adds that, even though they are voluntarily used, the technologies used in the app raise concerns at the ethical and legal levels. He adds that the processing of personal data will be more problematic due to the fact that much of the work is done by two of the biggest technological companies: Apple and Google.

asked the Government to define safeguards related to the processing of personal data, namely that they are only used for the intended purpose of the app. He also mentions that there is a lack of laws that clearly define the limits of operation of the application.

Finally, the entity leaves a criticism to the Government that it only sent the draft decree-law for its evaluation, after it has already been approved by the Council of Ministers. CNPD says that the law has not been complied with, since the opinions must be made before the approval of diplomas, and that now it is no longer effective.