The Council of Europe ("COE") has published a report that identifies a series of privacy issues with the measures adopted by governments worldwide to prevent the spread of the COVID-19. The document is analytical and somewhat critical of the legal and technical measures that have been put in place.  The report carries out an in-depth review of digital contact tracing applications and monitoring tools.

Some of the main issues the COE has spotted are as follows:

  • Lack of transparency: The COE calls on governments to ensure transparency of digital solutions in order to ensure respect of the rights to privacy and data protection. 
  • Lack of coordination: It also regrets that in spite of numerous calls for coordination and interoperability of digital solutions to prevent the spread of the COVID-19 pandemic, countries have individually implemented widely diverging systems, thereby limiting the efficiency of the measures taken. 
  • Insufficient privacy compliance: The report assesses how the measures adopted comply with privacy requirements as well as gives recommendations on how to ensure the efficiency and resilience of the data protection framework.
  • Concern about extensive governments powers and misuse of "public interest": In most countries, governments adopted emergency measures that gave governments extensive powers, usually only for a limited period of time. The report identifies shortcomings in a number of countries concerning the legal basis of the measures adopted, their proportionality and aspects such as their justification by public interest and the consent of the data subject for data processing. A particularly challenging aspect is the limitation of the purposes for data processing – the report points out that in some countries the boundaries between healthcare and police enforcement purposes have been sometimes blurred. 
  • Lack of adequate security: The report also points out some privacy risks related to the security, storage and sharing of data, which has led to the withdrawal of certain measures in some countries.

The message from the COE seems to be loud and clear: privacy comes first. No ifs, no buts.