Contact-tracing apps to combat the Covid-19 pandemic have increasingly been mentioned as useful tools to accompany and contribute to a return to normality despite the many ethical and legal questions they raise. The pressure exerted by business circles and lobbies to restart and ‘save the economy’ has been intense. What started as a public health crisis morphed into an economic crisis and we are now faced with a ‘trick-or-treat’ choice: accept to ‘pay the price’ and use invasive tracing apps, and by so doing facilitate a gradual reopening of business, or fight for privacy and delay the return to normality. This policy brief offers new arguments to reject this binary choice and argues that:
- Using contact-tracing apps to fight the spread of the virus is intrusive and threatens EU citizens' right to privacy. To defend this right, key rules and principles of EU law, in particular those embedded in the General Data Protection Regulation (GDPR) and e-Privacy Directive, must be upheld.
- Claiming that defending privacy undermines the fight against the pandemic and the reopening of the economy is a mistake: for contact-tracing apps to be at all effective, they must be voluntarily and freely downloaded and used by a majority of citizens. This will only happen if citizens are confident that their privacy is not at stake. The two battles, for privacy and against COVID-19, are complementary, not opposed.
- Contact-tracing apps should only be used in the workplace if specific requirements are met (regarding, among other things, the purpose of the app, the type of data collected, how long the data is kept, whether workers give their consent, and whether trade unions are involved).
- Finally, it is of the utmost importance that contact-tracing apps are not used to sow the seeds of a future culture of hyper surveillance in the workplace.