SlideShare a Scribd company logo

COVID19 vs GDPR: the case of “Immuni” Italian app

Federico Costantini
Federico Costantini

The document discusses Italy's "Immuni" contact tracing app in the context of balancing privacy and public health during the COVID-19 pandemic. It provides an overview of Immuni, including its decentralized design based on the Apple/Google exposure notification system, validation of positive diagnoses by health operators, and expiration of collected data by December 2020. While the open source code and focus on privacy protections were positives, some concerns remained around cybersecurity and delegation of database handling to third parties.

Law
1 of 35
1 Prof. Aggr. FEDERICO COSTANTINI University of Udine > Department of Law EU GENERAL DATA PROTECTION REGULATION LECTURE Dr. Erion Murati - Webinar 28 May 2020 Universität Hamburg Fakultät für Rechtswissenschaft COVID19 vs GDPR: the case of “Immuni” Italian app
2 Summary (1) Introduction: tackling pandemies and other diseases From «typhoid Mary» to contemporary outbreaks (2) Different technological solutions: a short comparison GSM / IP / GPS / Wifi / Bluetooth (3) Different approaches to COVID19 (PROs / CONs) Contact tracing / contact tracking / exposure notification (4) COVID19 / GDPR (and mobile devices) A difficult balance, not a conflict (5) «Immuni» The italian solution (6) Conclusions Take away, Q/A </>
3 (1) Introduction: tackling pandemies and other diseases
4 (1) Introduction: tackling pandemies and other diseases It is a current common understanding that in order to tackle the outbreak of infectious diseases it is required a combined strategy called “TTT”: - Test people in order to find who is affected; - Track how the disease is spreading; - Trace personal contacts of infected patients OECD Policy Responses to Coronavirus (COVID-19) Testing for COVID-19: A way to lift confinement restrictions (4 May 2020) (http://www.oecd.org/coronavirus/policy- responses/testing-for-covid-19-a-way-to-lift-confinement-restrictions-89756248/) https://commons.wikimedia.org/wiki/File:Mary_ Mallon_(Typhoid_Mary).jpg This approach is based on modern scientific evidences and can be dated back to the beginning of XX century, as demonstrated by the famous case of “Typhoid Mary”, a New York cook who (hiding from health authorities) infected the families where she worked, until she was forced to live in quarantine for the rest of her life.
5 (1) Introduction: tackling pandemies and other diseases Unfortunately, in the world we are living, things get more complicated by several factors which depend on the kind of disease and on people behaviour. Epidemiology can receive a huge contribution by computer science. The fact is that people is interconnected in a very complex decentralized network of personal and professional relations. This network is constantly changing, so it is difficult to test, treat and trace disease, both real and ”ficticious”. Coronavirus: Learning How to Dance Part 1: A Dancing Masterclass, or What We Can Learn from Countries Around the World https://medium.com/@tomaspueyo/coronavirus-learning-how-to-dance-b8420170203e Coronavirus: The Basic Dance Steps Everybody Can Follow Part 2 of Coronavirus: Learning How to Dance https://medium.com/@tomaspueyo/coronavirus-the-basic-dance-steps-everybody-can-follow-b3d216daa343 Coronavirus: How to Do Testing and Contact Tracing Part 3 of Coronavirus: Learning How to Dance https://medium.com/@tomaspueyo/coronavirus-how-to-do-testing-and-contact-tracing-bde85b64072e MUNZ, P., HUDEA, I., IMAD, J. & SMITH, R. J. S. 2009. When zombies attack!: Mathematical modelling of an outbreak of zombie infection. In: TCHUENCHE, J. M. & CHIYAKA, C. (eds.) Infectious Disease Modelling Research Progress. Nova Science Publishers. </> BARAN, PAUL, On Distributed Communications Networks: RAND, 1962, P-2626.
6 (2) Different technological solutions: a short comparison
7 (2) Different technological solutions: a short comparison ICTs of course can help today. Different technologies can be exploited in tackling outbreaks. It is known that individuals can be located through the data shared by their mobile devices. Here I offer some quick examples.
8 (2) Different technological solutions: a short comparison GSM Tower cells are commonly used to pinpoint the location of individuals (for example in criminal investigations, or in emergency calls) Problems: not accurate (e.g. rural areas)
9 (2) Different technological solutions: a short comparison IP addresses If a device is connected to Internet, it is identified by an IP address, which is qualified as personal data, allowing the indirect identification of users. Problems: not accurate, transition IPv4-> IPv6
10 (2) Different technological solutions: a short comparison GPS The position of a device relies on a very sophisticated and worldwide satellite system. Problems: slow, inefficacy inside buildings https://en.wikipedia.org/wiki/Global_Positioning_System
11 (2) Different technological solutions: a short comparison Wifi Wi-Fi connections can locate us very easily. Problem: not accurate, needs to be activated
12 (2) Different technological solutions: a short comparison Bluetooth Bluetooth technology allows a more detailed proximity measurement Problem: needs to be activated
13 (2) Different technological solutions: a short comparison (Obvious) observation: As a matter of fact, each technology has advantages and disadvantages. Their utility depends on the purpose of their adoption. There is no «one fits all» solution. In ICTs, most of the implementations rely on the consent of the user. Monitoring people through devices is difficult because: - Not everybody owns a device (it is not mandatory to have a phone) - Devices are different (manufacturer, O.S., new / old) - Applications need to be activated and configured - Applications need to be running - There has to be an ecosystem which effectively processes all the data - The battery of the devices is needs to be recharged often </>
14 (3) Different approaches to COVID19 (PROs / CONs)
15 (3) Different approaches to COVID19 (PROs / CONs) There is a conceptual difference which is important to point out: Contact tracking The individual is tracked, which means that she/he is followed or monitored in its movement while it is performed. (es: mail tracking) Contact tracing The individual has already concluded its movement, and the analysis of its jouney goes backwards. (es: phone call tracing) Exposure notification The individual is neither traced nor tracked, but her/his contacts are logged. (es: Google / Apple api)
16 (3) Different approaches to COVID19 (PROs / CONs) In general, we are in front of a sub-optimal choice, since there is not a specific technology which is the best solution. Localization (GPS) Proximity (BLE) False positive (marked as infected while it is not) Having been in an infected place without becoming sick Having been in contact with someone infected without becoming sick False negative (marked as healthy while it is not) Having been infected by someone in a place considered «safe» Having been infected by someone not considered as positive, or in an infected place.
17 (3) Different approaches to COVID19 (PROs / CONs) There is also an option which depends on the approach adopted by the lawmakers and operated by the service providers. Centralized reporting Decentralized reporting Protocol Pan-European Privacy-Preserving Proximity Tracing Decentralized Privacy-Preserving Proximity Tracing Temporary Contact Numbers Protocol Model - User registration (pseudonimization) - (if positive) upload contact log - Centralized reporting server receives the logs - Human in the loop check -> Health authorities verification - Message sent to contacts - User exchange ephemeral Ids ((EphID) - Decentralized, since contact logs are stored locally on the devices - (if positive) report sent to a server and distributed to other devices - The device checks if there is a match with its contact list Key features - Risks of re-identification - Lacks of transparency - Contact logging and infection reporting are separated - Risk of attacks by third parties
18 (3) Different approaches to COVID19 (PROs / CONs) Apple / Google model of digital contact tracing (24 April 2020)
19 (3) Different approaches to COVID19 (PROs / CONs) Apple / Google model of digital contact tracing (24 April 2020) - Decentralized as DP-3T - Implemented at operating system level - Interoperability (IOS / Android devices) - Limitations by the operating systems (and thus the kind of devices) - IOS 13.5 - Android Marshmallow and later </>
20 (3) Different approaches to COVID19 (PROs / CONs) Why do they do that? To collect data from other sources or in other ways … https://blog.google/outreach-initiatives/small- business/new-tools-help-businesses-during-covid-19/ </>
21 (3) Different approaches to COVID19 (PROs / CONs) Are there other approaches? What about, instead of building an app, to create an ecosystem? The purpose is to combine GPS + BLE in order to get the most benefits while minimizing drawbacks - Open code - BLE contact tracing - Decentralized logging of contacts - Authorized verification of positives - «Heat map» for healthcare authorities </> https://covidsafepaths.org/
22 (4) COVID19 / GDPR (and mobile devices)
23 (4) COVID19 / GDPR (and mobile devices) There was a time when GDPR was feared … it was just two years ago … With the outbreak of COVID19 the public opinion has changed. GDPR is considered from a twofold perspective: - On one hand, as the last stronghold of fundamental rights of the individual - On the other hand, a useless regulation hampering the enforcement of public health. The common belief is that public health is in contrast with individual privacy https://www.facebook.com/VaronisSystems/photos/pb. 125005500878837.- 2207520000.1508767539./1549165935129446/?type= 3&theater
24 (4) COVID19 / GDPR (and mobile devices) KEY ASSUMPTIONS (1) «Privacy» is about individual consent (2) «data protection» is about security CONSEQUENTLY (1) GDPR is not about «privacy» (2) «data protection» is not against public health
25 (4) COVID19 / GDPR (and mobile devices) - Art. 6 GDPR provides grounds for data processing of personal data (including geolocalization): consent is only one among six conditions - (among the conditions): Art. 6 § 2 lett. e) «processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller»; - Art. 9 GDPR provides grounds for data processing of «special categories of personal data» (including health): consent is only one of many others exceptions - (among the exeptions): (Art. 9 § 2 lett. i) «processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;» - Further provision: art. 9 § 4: «Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health».
26 (4) COVID19 / GDPR (and mobile devices) Keypoints of the European Data Protection Board - Statement on the processing of personal data in the context of the COVID-19 outbreak — 19/03/2020 - Mandate on the processing of health data for research purposes in the context of the COVID-19 outbreak — 07/04/2020 - Mandate on geolocation and other tracing tools in the context of the COVID-19 outbreak — 07/04/2020 - EDPB Letter concerning the European Commission's draft Guidance on apps supporting the fight against the COVID-19 pandemic — 14/04/2020 «The EDPB notes that the mere fact that the use of the contact tracing takes place on a voluntary basis, does not mean that the processing of personal data by public authorities necessarily be based on the consent. When public authorities provide a service, based on a mandate assigned by and in line with requirements laid down in law, it appears that the most relevant legal basis for the processing is the necessity for the performance of a task for public interest». </>
27 (5) «Immuni»
28 (5) «Immuni» History - 24-26 March 2020: «Fast call» from the Ministry of innovation, 319 applicants - 2 were in the final selection, 1 won: a consortium between Bending Spoons and Centro Medico Santagostino - 16 April 2020: Contract with the winner signed for free - 29 April 2020: opinion of the Data Protection Supervisor on the legislative proposal - 13 May 2020: concerns expressed by the Parliamentary Commission for national security - 25 May 2020: open code released publicly https://github.com/immuni-app/immuni-documentation https://innovazione.gov.it/source-code-immuni/
29 (5) «Immuni» Features (similar to Apple / Google platform) «When two users come sufficiently close to each other for long enough, their devices record each other’s rolling proximity identifier in local memory. Rolling proximity identifiers are generated from temporary exposure keys and change multiple times each hour. Temporary exposure keys are generated randomly and change once per day. When a user tests positive for SARS-CoV-2, the virus causing COVID-19, they have the option to upload to a server their recent temporary exposure keys. This operation can only happen with the validation of a healthcare operator. The app periodically downloads the new temporary exposure keys and uses them to derive the infected users’ rolling proximity identifiers for the recent past. It then matches the identifiers against those stored in the device’s memory and notifies the user if a risky exposure has occurred. The system uses no geolocation data whatsoever, including GPS data. So, the app cannot tell where the contact with a potentially contagious user took place, nor the identities of those involved. Besides the temporary exposure keys, the Immuni app also sends to the server some analytics data. These include epidemiological and operational information, and are sent for the purpose of helping the National Healthcare Service (Servizio Sanitario Nazionale) to provide effective assistance to users». https://github.com/immuni-app/immuni-documentation/blob/master/README.md
30 (5) «Immuni» Key findings - The Italian Ministry of Health is the Data Controller - Open source code: GNU Affero General Public License v3.0 - Decentrealized servers / encryption of data stored on the devices - Validation of health operator is intended to avoid the upload of false positive in the database - Upload of epidemiological information for health authorities - Personal data erased on 31/12/2020 - Three regions selected for testing the app (Liguria, which refused, Abruzzo and Puglia), not Ferrari (as it seemed at the beginning) https://github.com/immuni-app
31 (5) «Immuni» Legal Background - Article 6, D.L. 30 aprile 2020, n. 28, Misure urgenti per la funzionalita' dei sistemi di intercettazioni di conversazioni e comunicazioni, ulteriori misure urgenti in materia di ordinamento penitenziario, nonché disposizioni integrative e di coordinamento in materia di giustizia civile, amministrativa e contabile e misure urgenti per l'introduzione del sistema di allerta Covid-19 (GU n.111 del 30-4- 2020): - Comma 1: adoption of the exposure notification platform -> «Immuni» - Comma 2: Data Impact Assessment (art. 35 GDPR) and Data Protection Authority consultation - Comma 3: exclusion of processing for different purposes - Comma 4: no prejudice for non-adopters or opting-out - Comma 5: servers in Italy, provider in Italy, open code - Comma 6: expiration date of the data processing: 31/12/2020 - Comma 7: budget limit 1.500.000 euro
32 (5) «Immuni» Concerns - Cybersecurity. 13 May 2020, report from the Italian Parliamentary National Security Committee: company shareholders (not entirely Italians) - Data Impact Assessment (Article. 35 GDPR) not yet released by Ministry of Healtyù - Database provider, the Ministry of Health will delegate the handling to third parties (State-owned companies) which at the moment are not identified and the code has not been still implemented. - Limitations of liability for authors included in the License - Transparency (as of today it seems that the code released is not the final version) (https://www.infosec.news/2020/05/26/news/tecnologie-e-salute/sapete-che-con-immuni-non-ce-nessuna-garanzia-da-bending- spoons/)
33 (6) Conclusions
34 (6) Conclusions TAKE AWAY (1) Privacy is not data protection, GDPR is not against healthcare (2) The perception of privacy depends on culture (private / public) (3) Individual usage is an issue (it is quite unlikely that these apps will be used by the majority of the population) (4) Some concerns have not raised the attention of the general public: (1) Private contact tracing apps (employers / employees) (2) Local contact tracing apps (municipalities, regions) (3) Interoperability among different national apps (German, Austrian, Italian) (5) COVID19 will pass (hopefully), but our society is changed quickly, deepl, and maybe forever (welcome to the XXI Century) </>
35 Many thanks! federico.costantini[@]uniud.it

Recommended

Generation of infectious disease alerts through the use of geolocation
Generation of infectious disease alerts through the use of geolocationGeneration of infectious disease alerts through the use of geolocation
Generation of infectious disease alerts through the use of geolocation
journalBEEI
 
COVID RESEARCH.docx
COVID RESEARCH.docxCOVID RESEARCH.docx
COVID RESEARCH.docx
SaudBilal3
 
Role of data science during covid times
Role of data science during covid timesRole of data science during covid times
Role of data science during covid times
TanyaAgarwal71
 
Real Time Mask Detection Architecture for COVID Prevention
Real Time Mask Detection Architecture for COVID PreventionReal Time Mask Detection Architecture for COVID Prevention
Real Time Mask Detection Architecture for COVID Prevention
IRJET Journal
 
A decision-making system for Corona prognosis using fuzzy inference system
A decision-making system for Corona prognosis using fuzzy inference systemA decision-making system for Corona prognosis using fuzzy inference system
A decision-making system for Corona prognosis using fuzzy inference system
Journal of Fuzzy Extension and Applications
 
GIVING UP PRIVACY FOR SECURITY: A SURVEY ON PRIVACY TRADE-OFF DURING PANDEMIC...
GIVING UP PRIVACY FOR SECURITY: A SURVEY ON PRIVACY TRADE-OFF DURING PANDEMIC...GIVING UP PRIVACY FOR SECURITY: A SURVEY ON PRIVACY TRADE-OFF DURING PANDEMIC...
GIVING UP PRIVACY FOR SECURITY: A SURVEY ON PRIVACY TRADE-OFF DURING PANDEMIC...
ijcisjournal
 
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
IJCI JOURNAL
 
An Investigation Into the Impacts of ICT in the Compacting of COVID-19: A Nam...
An Investigation Into the Impacts of ICT in the Compacting of COVID-19: A Nam...An Investigation Into the Impacts of ICT in the Compacting of COVID-19: A Nam...
An Investigation Into the Impacts of ICT in the Compacting of COVID-19: A Nam...
BOHR International Journal of Smart Computing and Information Technology
 

Recommended

Generation of infectious disease alerts through the use of geolocation
Generation of infectious disease alerts through the use of geolocationGeneration of infectious disease alerts through the use of geolocation
Generation of infectious disease alerts through the use of geolocation
journalBEEI
 
COVID RESEARCH.docx
COVID RESEARCH.docxCOVID RESEARCH.docx
COVID RESEARCH.docx
SaudBilal3
 
Role of data science during covid times
Role of data science during covid timesRole of data science during covid times
Role of data science during covid times
TanyaAgarwal71
 
Real Time Mask Detection Architecture for COVID Prevention
Real Time Mask Detection Architecture for COVID PreventionReal Time Mask Detection Architecture for COVID Prevention
Real Time Mask Detection Architecture for COVID Prevention
IRJET Journal
 
A decision-making system for Corona prognosis using fuzzy inference system
A decision-making system for Corona prognosis using fuzzy inference systemA decision-making system for Corona prognosis using fuzzy inference system
A decision-making system for Corona prognosis using fuzzy inference system
Journal of Fuzzy Extension and Applications
 
GIVING UP PRIVACY FOR SECURITY: A SURVEY ON PRIVACY TRADE-OFF DURING PANDEMIC...
GIVING UP PRIVACY FOR SECURITY: A SURVEY ON PRIVACY TRADE-OFF DURING PANDEMIC...GIVING UP PRIVACY FOR SECURITY: A SURVEY ON PRIVACY TRADE-OFF DURING PANDEMIC...
GIVING UP PRIVACY FOR SECURITY: A SURVEY ON PRIVACY TRADE-OFF DURING PANDEMIC...
ijcisjournal
 
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
Exploring Vulnerabilities and Attack Vectors Targeting Pacemaker Devices in H...
IJCI JOURNAL
 
An Investigation Into the Impacts of ICT in the Compacting of COVID-19: A Nam...
An Investigation Into the Impacts of ICT in the Compacting of COVID-19: A Nam...An Investigation Into the Impacts of ICT in the Compacting of COVID-19: A Nam...
An Investigation Into the Impacts of ICT in the Compacting of COVID-19: A Nam...
BOHR International Journal of Smart Computing and Information Technology
 
A Cloud-Based Prototype Implementation of a Disease Outbreak Notification System
A Cloud-Based Prototype Implementation of a Disease Outbreak Notification SystemA Cloud-Based Prototype Implementation of a Disease Outbreak Notification System
A Cloud-Based Prototype Implementation of a Disease Outbreak Notification System
IJCSEA Journal
 
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
DaliaCulbertson719
 
Role of Modern Technology in Fighting Stigma Related to HIV/AIDS
Role of Modern Technology in Fighting Stigma Related to HIV/AIDSRole of Modern Technology in Fighting Stigma Related to HIV/AIDS
Role of Modern Technology in Fighting Stigma Related to HIV/AIDS
International Journal of Science and Research (IJSR)
 
Cloud Computing: A Key to Effective & Efficient Disease Surveillance System
Cloud Computing: A Key to Effective & Efficient Disease Surveillance SystemCloud Computing: A Key to Effective & Efficient Disease Surveillance System
Cloud Computing: A Key to Effective & Efficient Disease Surveillance System
idescitation
 
NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...
NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...
NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...
IRJET Journal
 
National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...
National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...
National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...
BOHR International Journal of Smart Computing and Information Technology
 
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
IJCSEA Journal
 
Spatio-temporal Monitoring of Health Epidemics in Real-Time-Some Considerations
Spatio-temporal Monitoring of Health Epidemics in Real-Time-Some ConsiderationsSpatio-temporal Monitoring of Health Epidemics in Real-Time-Some Considerations
Spatio-temporal Monitoring of Health Epidemics in Real-Time-Some Considerations
sanjay_rana
 
Comprehensive study: machine learning approaches for COVID-19 diagnosis
Comprehensive study: machine learning approaches for COVID-19 diagnosis Comprehensive study: machine learning approaches for COVID-19 diagnosis
Comprehensive study: machine learning approaches for COVID-19 diagnosis
IJECEIAES
 
Smart solution for reducing COVID-19 risk using internet of things
Smart solution for reducing COVID-19 risk using internet of thingsSmart solution for reducing COVID-19 risk using internet of things
Smart solution for reducing COVID-19 risk using internet of things
nooriasukmaningtyas
 
An Automatic Coronavirus Detection Systems: Survey
An Automatic Coronavirus Detection Systems: SurveyAn Automatic Coronavirus Detection Systems: Survey
An Automatic Coronavirus Detection Systems: Survey
BRNSSPublicationHubI
 
ONE BG 9307554036.pdf
ONE BG 9307554036.pdfONE BG 9307554036.pdf
ONE BG 9307554036.pdf
tanvirali26
 
ONE BG 9307554036.pdf
ONE BG 9307554036.pdfONE BG 9307554036.pdf
ONE BG 9307554036.pdf
tanvirali26
 
Digital surveillance for covid 19 and its implications for security and privacy
Digital surveillance for covid 19 and its implications for security and privacyDigital surveillance for covid 19 and its implications for security and privacy
Digital surveillance for covid 19 and its implications for security and privacy
Rohini Lakshané
 
Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...
Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...
Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...
Simone Aliprandi
 
Design and development of a fuzzy explainable expert system for a diagnostic ...
Design and development of a fuzzy explainable expert system for a diagnostic ...Design and development of a fuzzy explainable expert system for a diagnostic ...
Design and development of a fuzzy explainable expert system for a diagnostic ...
IJECEIAES
 
Determining the Factors of Slow Adoption of Information and Communication Tec...
Determining the Factors of Slow Adoption of Information and Communication Tec...Determining the Factors of Slow Adoption of Information and Communication Tec...
Determining the Factors of Slow Adoption of Information and Communication Tec...
Jasfia Khanam Fama
 
A new system to detect coronavirus social distance violation
A new system to detect coronavirus social distance violation A new system to detect coronavirus social distance violation
A new system to detect coronavirus social distance violation
IJECEIAES
 
Online medical consultation: covid-19 system using software object-oriented a...
Online medical consultation: covid-19 system using software object-oriented a...Online medical consultation: covid-19 system using software object-oriented a...
Online medical consultation: covid-19 system using software object-oriented a...
riyaniaes
 
Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...
Ann Johnson
 
The EU ‘AI ACT’: a “risk-based” legislation for robotic surgery
The EU ‘AI ACT’: a “risk-based” legislation for robotic surgeryThe EU ‘AI ACT’: a “risk-based” legislation for robotic surgery
The EU ‘AI ACT’: a “risk-based” legislation for robotic surgery
Federico Costantini
 
L’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALE
L’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALEL’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALE
L’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALE
Federico Costantini
 

More Related Content

Similar to COVID19 vs GDPR: the case of “Immuni” Italian app

A Cloud-Based Prototype Implementation of a Disease Outbreak Notification System
A Cloud-Based Prototype Implementation of a Disease Outbreak Notification SystemA Cloud-Based Prototype Implementation of a Disease Outbreak Notification System
A Cloud-Based Prototype Implementation of a Disease Outbreak Notification System
IJCSEA Journal
 
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
DaliaCulbertson719
 
Role of Modern Technology in Fighting Stigma Related to HIV/AIDS
Role of Modern Technology in Fighting Stigma Related to HIV/AIDSRole of Modern Technology in Fighting Stigma Related to HIV/AIDS
Role of Modern Technology in Fighting Stigma Related to HIV/AIDS
International Journal of Science and Research (IJSR)
 
Cloud Computing: A Key to Effective & Efficient Disease Surveillance System
Cloud Computing: A Key to Effective & Efficient Disease Surveillance SystemCloud Computing: A Key to Effective & Efficient Disease Surveillance System
Cloud Computing: A Key to Effective & Efficient Disease Surveillance System
idescitation
 
NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...
NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...
NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...
IRJET Journal
 
National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...
National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...
National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...
BOHR International Journal of Smart Computing and Information Technology
 
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
IJCSEA Journal
 
Spatio-temporal Monitoring of Health Epidemics in Real-Time-Some Considerations
Spatio-temporal Monitoring of Health Epidemics in Real-Time-Some ConsiderationsSpatio-temporal Monitoring of Health Epidemics in Real-Time-Some Considerations
Spatio-temporal Monitoring of Health Epidemics in Real-Time-Some Considerations
sanjay_rana
 
Comprehensive study: machine learning approaches for COVID-19 diagnosis
Comprehensive study: machine learning approaches for COVID-19 diagnosis Comprehensive study: machine learning approaches for COVID-19 diagnosis
Comprehensive study: machine learning approaches for COVID-19 diagnosis
IJECEIAES
 
Smart solution for reducing COVID-19 risk using internet of things
Smart solution for reducing COVID-19 risk using internet of thingsSmart solution for reducing COVID-19 risk using internet of things
Smart solution for reducing COVID-19 risk using internet of things
nooriasukmaningtyas
 
An Automatic Coronavirus Detection Systems: Survey
An Automatic Coronavirus Detection Systems: SurveyAn Automatic Coronavirus Detection Systems: Survey
An Automatic Coronavirus Detection Systems: Survey
BRNSSPublicationHubI
 
ONE BG 9307554036.pdf
ONE BG 9307554036.pdfONE BG 9307554036.pdf
ONE BG 9307554036.pdf
tanvirali26
 
ONE BG 9307554036.pdf
ONE BG 9307554036.pdfONE BG 9307554036.pdf
ONE BG 9307554036.pdf
tanvirali26
 
Digital surveillance for covid 19 and its implications for security and privacy
Digital surveillance for covid 19 and its implications for security and privacyDigital surveillance for covid 19 and its implications for security and privacy
Digital surveillance for covid 19 and its implications for security and privacy
Rohini Lakshané
 
Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...
Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...
Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...
Simone Aliprandi
 
Design and development of a fuzzy explainable expert system for a diagnostic ...
Design and development of a fuzzy explainable expert system for a diagnostic ...Design and development of a fuzzy explainable expert system for a diagnostic ...
Design and development of a fuzzy explainable expert system for a diagnostic ...
IJECEIAES
 
Determining the Factors of Slow Adoption of Information and Communication Tec...
Determining the Factors of Slow Adoption of Information and Communication Tec...Determining the Factors of Slow Adoption of Information and Communication Tec...
Determining the Factors of Slow Adoption of Information and Communication Tec...
Jasfia Khanam Fama
 
A new system to detect coronavirus social distance violation
A new system to detect coronavirus social distance violation A new system to detect coronavirus social distance violation
A new system to detect coronavirus social distance violation
IJECEIAES
 
Online medical consultation: covid-19 system using software object-oriented a...
Online medical consultation: covid-19 system using software object-oriented a...Online medical consultation: covid-19 system using software object-oriented a...
Online medical consultation: covid-19 system using software object-oriented a...
riyaniaes
 
Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...
Ann Johnson
 

Similar to COVID19 vs GDPR: the case of “Immuni” Italian app (20)

A Cloud-Based Prototype Implementation of a Disease Outbreak Notification System
A Cloud-Based Prototype Implementation of a Disease Outbreak Notification SystemA Cloud-Based Prototype Implementation of a Disease Outbreak Notification System
A Cloud-Based Prototype Implementation of a Disease Outbreak Notification System
 
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
 
Role of Modern Technology in Fighting Stigma Related to HIV/AIDS
Role of Modern Technology in Fighting Stigma Related to HIV/AIDSRole of Modern Technology in Fighting Stigma Related to HIV/AIDS
Role of Modern Technology in Fighting Stigma Related to HIV/AIDS
 
Cloud Computing: A Key to Effective & Efficient Disease Surveillance System
Cloud Computing: A Key to Effective & Efficient Disease Surveillance SystemCloud Computing: A Key to Effective & Efficient Disease Surveillance System
Cloud Computing: A Key to Effective & Efficient Disease Surveillance System
 
NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...
NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...
NEW CORONA VIRUS DISEASE 2022: SOCIAL DISTANCING IS AN EFFECTIVE MEASURE (COV...
 
National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...
National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...
National COVID-19 Health Contact Tracing and Monitoring System: A Sustainable...
 
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
 
Spatio-temporal Monitoring of Health Epidemics in Real-Time-Some Considerations
Spatio-temporal Monitoring of Health Epidemics in Real-Time-Some ConsiderationsSpatio-temporal Monitoring of Health Epidemics in Real-Time-Some Considerations
Spatio-temporal Monitoring of Health Epidemics in Real-Time-Some Considerations
 
Comprehensive study: machine learning approaches for COVID-19 diagnosis
Comprehensive study: machine learning approaches for COVID-19 diagnosis Comprehensive study: machine learning approaches for COVID-19 diagnosis
Comprehensive study: machine learning approaches for COVID-19 diagnosis
 
Smart solution for reducing COVID-19 risk using internet of things
Smart solution for reducing COVID-19 risk using internet of thingsSmart solution for reducing COVID-19 risk using internet of things
Smart solution for reducing COVID-19 risk using internet of things
 
An Automatic Coronavirus Detection Systems: Survey
An Automatic Coronavirus Detection Systems: SurveyAn Automatic Coronavirus Detection Systems: Survey
An Automatic Coronavirus Detection Systems: Survey
 
ONE BG 9307554036.pdf
ONE BG 9307554036.pdfONE BG 9307554036.pdf
ONE BG 9307554036.pdf
 
ONE BG 9307554036.pdf
ONE BG 9307554036.pdfONE BG 9307554036.pdf
ONE BG 9307554036.pdf
 
Digital surveillance for covid 19 and its implications for security and privacy
Digital surveillance for covid 19 and its implications for security and privacyDigital surveillance for covid 19 and its implications for security and privacy
Digital surveillance for covid 19 and its implications for security and privacy
 
Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...
Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...
Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspe...
 
Design and development of a fuzzy explainable expert system for a diagnostic ...
Design and development of a fuzzy explainable expert system for a diagnostic ...Design and development of a fuzzy explainable expert system for a diagnostic ...
Design and development of a fuzzy explainable expert system for a diagnostic ...
 
Determining the Factors of Slow Adoption of Information and Communication Tec...
Determining the Factors of Slow Adoption of Information and Communication Tec...Determining the Factors of Slow Adoption of Information and Communication Tec...
Determining the Factors of Slow Adoption of Information and Communication Tec...
 
A new system to detect coronavirus social distance violation
A new system to detect coronavirus social distance violation A new system to detect coronavirus social distance violation
A new system to detect coronavirus social distance violation
 
Online medical consultation: covid-19 system using software object-oriented a...
Online medical consultation: covid-19 system using software object-oriented a...Online medical consultation: covid-19 system using software object-oriented a...
Online medical consultation: covid-19 system using software object-oriented a...
 
Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...
 

More from Federico Costantini

The EU ‘AI ACT’: a “risk-based” legislation for robotic surgery
The EU ‘AI ACT’: a “risk-based” legislation for robotic surgeryThe EU ‘AI ACT’: a “risk-based” legislation for robotic surgery
The EU ‘AI ACT’: a “risk-based” legislation for robotic surgery
Federico Costantini
 
L’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALE
L’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALEL’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALE
L’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALE
Federico Costantini
 
Digital transformation: Smart Working, sicurezza e dati personali
Digital transformation: Smart Working, sicurezza e dati personaliDigital transformation: Smart Working, sicurezza e dati personali
Digital transformation: Smart Working, sicurezza e dati personali
Federico Costantini
 
20191004 Gamification PA
20191004 Gamification PA20191004 Gamification PA
20191004 Gamification PA
Federico Costantini
 
COST Action CA16222 on Autonomous and Connected Transport –How block chain co...
COST Action CA16222 on Autonomous and Connected Transport –How block chain co...COST Action CA16222 on Autonomous and Connected Transport –How block chain co...
COST Action CA16222 on Autonomous and Connected Transport –How block chain co...
Federico Costantini
 
20181012 Intelligenza artificiale e soggezione all'azione amministrativa: il ...
20181012 Intelligenza artificiale e soggezione all'azione amministrativa: il ...20181012 Intelligenza artificiale e soggezione all'azione amministrativa: il ...
20181012 Intelligenza artificiale e soggezione all'azione amministrativa: il ...
Federico Costantini
 
20180327 Intelligenza artificiale e “computabilità giuridica” tra diritto civ...
20180327 Intelligenza artificiale e “computabilità giuridica” tra diritto civ...20180327 Intelligenza artificiale e “computabilità giuridica” tra diritto civ...
20180327 Intelligenza artificiale e “computabilità giuridica” tra diritto civ...
Federico Costantini
 
20180914 “Inaction is not an option”. Informazione, diritto e società nella p...
20180914 “Inaction is not an option”. Informazione, diritto e società nella p...20180914 “Inaction is not an option”. Informazione, diritto e società nella p...
20180914 “Inaction is not an option”. Informazione, diritto e società nella p...
Federico Costantini
 
20180220 PROFILI GIURIDICI DELLA SICUREZZA INFORMATICA NELL’INDUSTRIA 4.0
20180220 PROFILI GIURIDICI DELLA SICUREZZA INFORMATICA NELL’INDUSTRIA 4.020180220 PROFILI GIURIDICI DELLA SICUREZZA INFORMATICA NELL’INDUSTRIA 4.0
20180220 PROFILI GIURIDICI DELLA SICUREZZA INFORMATICA NELL’INDUSTRIA 4.0
Federico Costantini
 
20171031 Cosa vuol dire «essere avvocato» oggi? Il giurista tra «complessità ...
20171031 Cosa vuol dire «essere avvocato» oggi? Il giurista tra «complessità ...20171031 Cosa vuol dire «essere avvocato» oggi? Il giurista tra «complessità ...
20171031 Cosa vuol dire «essere avvocato» oggi? Il giurista tra «complessità ...
Federico Costantini
 
20170928 A (very short) introduction
20170928 A (very short) introduction20170928 A (very short) introduction
20170928 A (very short) introduction
Federico Costantini
 
20170927 Introduzione ai problemi concernenti prova come “informazione” e “in...
20170927 Introduzione ai problemi concernenti prova come “informazione” e “in...20170927 Introduzione ai problemi concernenti prova come “informazione” e “in...
20170927 Introduzione ai problemi concernenti prova come “informazione” e “in...
Federico Costantini
 
Social network, social profiling, predictive policing. Current issues and fut...
Social network, social profiling, predictive policing. Current issues and fut...Social network, social profiling, predictive policing. Current issues and fut...
Social network, social profiling, predictive policing. Current issues and fut...
Federico Costantini
 
Collecting Evidence in the «Information Society»: Theoretical Background, Cur...
Collecting Evidence in the «Information Society»: Theoretical Background, Cur...Collecting Evidence in the «Information Society»: Theoretical Background, Cur...
Collecting Evidence in the «Information Society»: Theoretical Background, Cur...
Federico Costantini
 
"Società dell'Informazione", organizzazione del lavoro e "Risorse Umane"
"Società dell'Informazione", organizzazione del lavoro e "Risorse Umane""Società dell'Informazione", organizzazione del lavoro e "Risorse Umane"
"Società dell'Informazione", organizzazione del lavoro e "Risorse Umane"
Federico Costantini
 
Problemi inerenti la “sicurezza” negli “autonomous vehicles”
Problemi inerenti la “sicurezza” negli “autonomous vehicles”Problemi inerenti la “sicurezza” negli “autonomous vehicles”
Problemi inerenti la “sicurezza” negli “autonomous vehicles”
Federico Costantini
 
Introduzione generale ai problemi della prova digitale
Introduzione generale ai problemi della prova digitaleIntroduzione generale ai problemi della prova digitale
Introduzione generale ai problemi della prova digitale
Federico Costantini
 
«Information Society» and MaaS in the European Union: current issues and futu...
«Information Society» and MaaS in the European Union: current issues and futu...«Information Society» and MaaS in the European Union: current issues and futu...
«Information Society» and MaaS in the European Union: current issues and futu...
Federico Costantini
 
POSTER: "When an algorithm decides «who has to die». Security concerns in “A...
POSTER: "When an algorithm decides «who has to die». Security concerns in “A...POSTER: "When an algorithm decides «who has to die». Security concerns in “A...
POSTER: "When an algorithm decides «who has to die». Security concerns in “A...
Federico Costantini
 
Società dell’Informazione e “diritto artificiale”. Il problema del “controll...
Società dell’Informazione e “diritto artificiale”. Il problema del “controll...Società dell’Informazione e “diritto artificiale”. Il problema del “controll...
Società dell’Informazione e “diritto artificiale”. Il problema del “controll...
Federico Costantini
 

More from Federico Costantini (20)

The EU ‘AI ACT’: a “risk-based” legislation for robotic surgery
The EU ‘AI ACT’: a “risk-based” legislation for robotic surgeryThe EU ‘AI ACT’: a “risk-based” legislation for robotic surgery
The EU ‘AI ACT’: a “risk-based” legislation for robotic surgery
 
L’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALE
L’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALEL’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALE
L’ETICA COME “DESIGN” NELL’INTELLIGENZA ARTIFICIALE
 
Digital transformation: Smart Working, sicurezza e dati personali
Digital transformation: Smart Working, sicurezza e dati personaliDigital transformation: Smart Working, sicurezza e dati personali
Digital transformation: Smart Working, sicurezza e dati personali
 
20191004 Gamification PA
20191004 Gamification PA20191004 Gamification PA
20191004 Gamification PA
 
COST Action CA16222 on Autonomous and Connected Transport –How block chain co...
COST Action CA16222 on Autonomous and Connected Transport –How block chain co...COST Action CA16222 on Autonomous and Connected Transport –How block chain co...
COST Action CA16222 on Autonomous and Connected Transport –How block chain co...
 
20181012 Intelligenza artificiale e soggezione all'azione amministrativa: il ...
20181012 Intelligenza artificiale e soggezione all'azione amministrativa: il ...20181012 Intelligenza artificiale e soggezione all'azione amministrativa: il ...
20181012 Intelligenza artificiale e soggezione all'azione amministrativa: il ...
 
20180327 Intelligenza artificiale e “computabilità giuridica” tra diritto civ...
20180327 Intelligenza artificiale e “computabilità giuridica” tra diritto civ...20180327 Intelligenza artificiale e “computabilità giuridica” tra diritto civ...
20180327 Intelligenza artificiale e “computabilità giuridica” tra diritto civ...
 
20180914 “Inaction is not an option”. Informazione, diritto e società nella p...
20180914 “Inaction is not an option”. Informazione, diritto e società nella p...20180914 “Inaction is not an option”. Informazione, diritto e società nella p...
20180914 “Inaction is not an option”. Informazione, diritto e società nella p...
 
20180220 PROFILI GIURIDICI DELLA SICUREZZA INFORMATICA NELL’INDUSTRIA 4.0
20180220 PROFILI GIURIDICI DELLA SICUREZZA INFORMATICA NELL’INDUSTRIA 4.020180220 PROFILI GIURIDICI DELLA SICUREZZA INFORMATICA NELL’INDUSTRIA 4.0
20180220 PROFILI GIURIDICI DELLA SICUREZZA INFORMATICA NELL’INDUSTRIA 4.0
 
20171031 Cosa vuol dire «essere avvocato» oggi? Il giurista tra «complessità ...
20171031 Cosa vuol dire «essere avvocato» oggi? Il giurista tra «complessità ...20171031 Cosa vuol dire «essere avvocato» oggi? Il giurista tra «complessità ...
20171031 Cosa vuol dire «essere avvocato» oggi? Il giurista tra «complessità ...
 
20170928 A (very short) introduction
20170928 A (very short) introduction20170928 A (very short) introduction
20170928 A (very short) introduction
 
20170927 Introduzione ai problemi concernenti prova come “informazione” e “in...
20170927 Introduzione ai problemi concernenti prova come “informazione” e “in...20170927 Introduzione ai problemi concernenti prova come “informazione” e “in...
20170927 Introduzione ai problemi concernenti prova come “informazione” e “in...
 
Social network, social profiling, predictive policing. Current issues and fut...
Social network, social profiling, predictive policing. Current issues and fut...Social network, social profiling, predictive policing. Current issues and fut...
Social network, social profiling, predictive policing. Current issues and fut...
 
Collecting Evidence in the «Information Society»: Theoretical Background, Cur...
Collecting Evidence in the «Information Society»: Theoretical Background, Cur...Collecting Evidence in the «Information Society»: Theoretical Background, Cur...
Collecting Evidence in the «Information Society»: Theoretical Background, Cur...
 
"Società dell'Informazione", organizzazione del lavoro e "Risorse Umane"
"Società dell'Informazione", organizzazione del lavoro e "Risorse Umane""Società dell'Informazione", organizzazione del lavoro e "Risorse Umane"
"Società dell'Informazione", organizzazione del lavoro e "Risorse Umane"
 
Problemi inerenti la “sicurezza” negli “autonomous vehicles”
Problemi inerenti la “sicurezza” negli “autonomous vehicles”Problemi inerenti la “sicurezza” negli “autonomous vehicles”
Problemi inerenti la “sicurezza” negli “autonomous vehicles”
 
Introduzione generale ai problemi della prova digitale
Introduzione generale ai problemi della prova digitaleIntroduzione generale ai problemi della prova digitale
Introduzione generale ai problemi della prova digitale
 
«Information Society» and MaaS in the European Union: current issues and futu...
«Information Society» and MaaS in the European Union: current issues and futu...«Information Society» and MaaS in the European Union: current issues and futu...
«Information Society» and MaaS in the European Union: current issues and futu...
 
POSTER: "When an algorithm decides «who has to die». Security concerns in “A...
POSTER: "When an algorithm decides «who has to die». Security concerns in “A...POSTER: "When an algorithm decides «who has to die». Security concerns in “A...
POSTER: "When an algorithm decides «who has to die». Security concerns in “A...
 
Società dell’Informazione e “diritto artificiale”. Il problema del “controll...
Società dell’Informazione e “diritto artificiale”. Il problema del “controll...Società dell’Informazione e “diritto artificiale”. Il problema del “controll...
Società dell’Informazione e “diritto artificiale”. Il problema del “controll...
 

Recently uploaded

Matthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government LiaisonMatthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government Liaison
MattGardner52
 
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
9ib5wiwt
 
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersDefending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
HarpreetSaini48
 
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptxHighlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
anjalidixit21
 
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
9ib5wiwt
 
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdfXYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
bhavenpr
 
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Syed Muhammad Humza Hussain
 
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
9ib5wiwt
 
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
9ib5wiwt
 
Tax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th semTax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th sem
azizurrahaman17
 
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptxPatenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
ssuser559494
 
Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....
Knowyourright
 
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
osenwakm
 
ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.
Daffodil International University
 
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
osenwakm
 
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdfDaftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
akbarrasyid3
 
Rokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal OpinionRokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal Opinion
Abdul-Hakim Shabazz
 
Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
PelayoGilbert
 
Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point PresentationLifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
seri bangash
 
Secure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark TodaySecure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark Today
Trademark Quick
 

Recently uploaded (20)

Matthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government LiaisonMatthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government Liaison
 
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
 
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersDefending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
 
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptxHighlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
 
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
 
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdfXYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
 
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
 
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
 
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
 
Tax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th semTax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th sem
 
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptxPatenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
 
Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....
 
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
 
ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.
 
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
 
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdfDaftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
 
Rokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal OpinionRokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal Opinion
 
Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
 
Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point PresentationLifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
 
Secure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark TodaySecure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark Today
 

COVID19 vs GDPR: the case of “Immuni” Italian app

  • 1. 1 Prof. Aggr. FEDERICO COSTANTINI University of Udine > Department of Law EU GENERAL DATA PROTECTION REGULATION LECTURE Dr. Erion Murati - Webinar 28 May 2020 Universität Hamburg Fakultät für Rechtswissenschaft COVID19 vs GDPR: the case of “Immuni” Italian app
  • 2. 2 Summary (1) Introduction: tackling pandemies and other diseases From «typhoid Mary» to contemporary outbreaks (2) Different technological solutions: a short comparison GSM / IP / GPS / Wifi / Bluetooth (3) Different approaches to COVID19 (PROs / CONs) Contact tracing / contact tracking / exposure notification (4) COVID19 / GDPR (and mobile devices) A difficult balance, not a conflict (5) «Immuni» The italian solution (6) Conclusions Take away, Q/A </>
  • 4. 4 (1) Introduction: tackling pandemies and other diseases It is a current common understanding that in order to tackle the outbreak of infectious diseases it is required a combined strategy called “TTT”: - Test people in order to find who is affected; - Track how the disease is spreading; - Trace personal contacts of infected patients OECD Policy Responses to Coronavirus (COVID-19) Testing for COVID-19: A way to lift confinement restrictions (4 May 2020) (http://www.oecd.org/coronavirus/policy- responses/testing-for-covid-19-a-way-to-lift-confinement-restrictions-89756248/) https://commons.wikimedia.org/wiki/File:Mary_ Mallon_(Typhoid_Mary).jpg This approach is based on modern scientific evidences and can be dated back to the beginning of XX century, as demonstrated by the famous case of “Typhoid Mary”, a New York cook who (hiding from health authorities) infected the families where she worked, until she was forced to live in quarantine for the rest of her life.
  • 5. 5 (1) Introduction: tackling pandemies and other diseases Unfortunately, in the world we are living, things get more complicated by several factors which depend on the kind of disease and on people behaviour. Epidemiology can receive a huge contribution by computer science. The fact is that people is interconnected in a very complex decentralized network of personal and professional relations. This network is constantly changing, so it is difficult to test, treat and trace disease, both real and ”ficticious”. Coronavirus: Learning How to Dance Part 1: A Dancing Masterclass, or What We Can Learn from Countries Around the World https://medium.com/@tomaspueyo/coronavirus-learning-how-to-dance-b8420170203e Coronavirus: The Basic Dance Steps Everybody Can Follow Part 2 of Coronavirus: Learning How to Dance https://medium.com/@tomaspueyo/coronavirus-the-basic-dance-steps-everybody-can-follow-b3d216daa343 Coronavirus: How to Do Testing and Contact Tracing Part 3 of Coronavirus: Learning How to Dance https://medium.com/@tomaspueyo/coronavirus-how-to-do-testing-and-contact-tracing-bde85b64072e MUNZ, P., HUDEA, I., IMAD, J. & SMITH, R. J. S. 2009. When zombies attack!: Mathematical modelling of an outbreak of zombie infection. In: TCHUENCHE, J. M. & CHIYAKA, C. (eds.) Infectious Disease Modelling Research Progress. Nova Science Publishers. </> BARAN, PAUL, On Distributed Communications Networks: RAND, 1962, P-2626.
  • 7. 7 (2) Different technological solutions: a short comparison ICTs of course can help today. Different technologies can be exploited in tackling outbreaks. It is known that individuals can be located through the data shared by their mobile devices. Here I offer some quick examples.
  • 8. 8 (2) Different technological solutions: a short comparison GSM Tower cells are commonly used to pinpoint the location of individuals (for example in criminal investigations, or in emergency calls) Problems: not accurate (e.g. rural areas)
  • 9. 9 (2) Different technological solutions: a short comparison IP addresses If a device is connected to Internet, it is identified by an IP address, which is qualified as personal data, allowing the indirect identification of users. Problems: not accurate, transition IPv4-> IPv6
  • 10. 10 (2) Different technological solutions: a short comparison GPS The position of a device relies on a very sophisticated and worldwide satellite system. Problems: slow, inefficacy inside buildings https://en.wikipedia.org/wiki/Global_Positioning_System
  • 11. 11 (2) Different technological solutions: a short comparison Wifi Wi-Fi connections can locate us very easily. Problem: not accurate, needs to be activated
  • 12. 12 (2) Different technological solutions: a short comparison Bluetooth Bluetooth technology allows a more detailed proximity measurement Problem: needs to be activated
  • 13. 13 (2) Different technological solutions: a short comparison (Obvious) observation: As a matter of fact, each technology has advantages and disadvantages. Their utility depends on the purpose of their adoption. There is no «one fits all» solution. In ICTs, most of the implementations rely on the consent of the user. Monitoring people through devices is difficult because: - Not everybody owns a device (it is not mandatory to have a phone) - Devices are different (manufacturer, O.S., new / old) - Applications need to be activated and configured - Applications need to be running - There has to be an ecosystem which effectively processes all the data - The battery of the devices is needs to be recharged often </>
  • 14. 14 (3) Different approaches to COVID19 (PROs / CONs)
  • 15. 15 (3) Different approaches to COVID19 (PROs / CONs) There is a conceptual difference which is important to point out: Contact tracking The individual is tracked, which means that she/he is followed or monitored in its movement while it is performed. (es: mail tracking) Contact tracing The individual has already concluded its movement, and the analysis of its jouney goes backwards. (es: phone call tracing) Exposure notification The individual is neither traced nor tracked, but her/his contacts are logged. (es: Google / Apple api)
  • 16. 16 (3) Different approaches to COVID19 (PROs / CONs) In general, we are in front of a sub-optimal choice, since there is not a specific technology which is the best solution. Localization (GPS) Proximity (BLE) False positive (marked as infected while it is not) Having been in an infected place without becoming sick Having been in contact with someone infected without becoming sick False negative (marked as healthy while it is not) Having been infected by someone in a place considered «safe» Having been infected by someone not considered as positive, or in an infected place.
  • 17. 17 (3) Different approaches to COVID19 (PROs / CONs) There is also an option which depends on the approach adopted by the lawmakers and operated by the service providers. Centralized reporting Decentralized reporting Protocol Pan-European Privacy-Preserving Proximity Tracing Decentralized Privacy-Preserving Proximity Tracing Temporary Contact Numbers Protocol Model - User registration (pseudonimization) - (if positive) upload contact log - Centralized reporting server receives the logs - Human in the loop check -> Health authorities verification - Message sent to contacts - User exchange ephemeral Ids ((EphID) - Decentralized, since contact logs are stored locally on the devices - (if positive) report sent to a server and distributed to other devices - The device checks if there is a match with its contact list Key features - Risks of re-identification - Lacks of transparency - Contact logging and infection reporting are separated - Risk of attacks by third parties
  • 18. 18 (3) Different approaches to COVID19 (PROs / CONs) Apple / Google model of digital contact tracing (24 April 2020)
  • 19. 19 (3) Different approaches to COVID19 (PROs / CONs) Apple / Google model of digital contact tracing (24 April 2020) - Decentralized as DP-3T - Implemented at operating system level - Interoperability (IOS / Android devices) - Limitations by the operating systems (and thus the kind of devices) - IOS 13.5 - Android Marshmallow and later </>
  • 20. 20 (3) Different approaches to COVID19 (PROs / CONs) Why do they do that? To collect data from other sources or in other ways … https://blog.google/outreach-initiatives/small- business/new-tools-help-businesses-during-covid-19/ </>
  • 21. 21 (3) Different approaches to COVID19 (PROs / CONs) Are there other approaches? What about, instead of building an app, to create an ecosystem? The purpose is to combine GPS + BLE in order to get the most benefits while minimizing drawbacks - Open code - BLE contact tracing - Decentralized logging of contacts - Authorized verification of positives - «Heat map» for healthcare authorities </> https://covidsafepaths.org/
  • 22. 22 (4) COVID19 / GDPR (and mobile devices)
  • 23. 23 (4) COVID19 / GDPR (and mobile devices) There was a time when GDPR was feared … it was just two years ago … With the outbreak of COVID19 the public opinion has changed. GDPR is considered from a twofold perspective: - On one hand, as the last stronghold of fundamental rights of the individual - On the other hand, a useless regulation hampering the enforcement of public health. The common belief is that public health is in contrast with individual privacy https://www.facebook.com/VaronisSystems/photos/pb. 125005500878837.- 2207520000.1508767539./1549165935129446/?type= 3&theater
  • 24. 24 (4) COVID19 / GDPR (and mobile devices) KEY ASSUMPTIONS (1) «Privacy» is about individual consent (2) «data protection» is about security CONSEQUENTLY (1) GDPR is not about «privacy» (2) «data protection» is not against public health
  • 25. 25 (4) COVID19 / GDPR (and mobile devices) - Art. 6 GDPR provides grounds for data processing of personal data (including geolocalization): consent is only one among six conditions - (among the conditions): Art. 6 § 2 lett. e) «processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller»; - Art. 9 GDPR provides grounds for data processing of «special categories of personal data» (including health): consent is only one of many others exceptions - (among the exeptions): (Art. 9 § 2 lett. i) «processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;» - Further provision: art. 9 § 4: «Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health».
  • 26. 26 (4) COVID19 / GDPR (and mobile devices) Keypoints of the European Data Protection Board - Statement on the processing of personal data in the context of the COVID-19 outbreak — 19/03/2020 - Mandate on the processing of health data for research purposes in the context of the COVID-19 outbreak — 07/04/2020 - Mandate on geolocation and other tracing tools in the context of the COVID-19 outbreak — 07/04/2020 - EDPB Letter concerning the European Commission's draft Guidance on apps supporting the fight against the COVID-19 pandemic — 14/04/2020 «The EDPB notes that the mere fact that the use of the contact tracing takes place on a voluntary basis, does not mean that the processing of personal data by public authorities necessarily be based on the consent. When public authorities provide a service, based on a mandate assigned by and in line with requirements laid down in law, it appears that the most relevant legal basis for the processing is the necessity for the performance of a task for public interest». </>
  • 28. 28 (5) «Immuni» History - 24-26 March 2020: «Fast call» from the Ministry of innovation, 319 applicants - 2 were in the final selection, 1 won: a consortium between Bending Spoons and Centro Medico Santagostino - 16 April 2020: Contract with the winner signed for free - 29 April 2020: opinion of the Data Protection Supervisor on the legislative proposal - 13 May 2020: concerns expressed by the Parliamentary Commission for national security - 25 May 2020: open code released publicly https://github.com/immuni-app/immuni-documentation https://innovazione.gov.it/source-code-immuni/
  • 29. 29 (5) «Immuni» Features (similar to Apple / Google platform) «When two users come sufficiently close to each other for long enough, their devices record each other’s rolling proximity identifier in local memory. Rolling proximity identifiers are generated from temporary exposure keys and change multiple times each hour. Temporary exposure keys are generated randomly and change once per day. When a user tests positive for SARS-CoV-2, the virus causing COVID-19, they have the option to upload to a server their recent temporary exposure keys. This operation can only happen with the validation of a healthcare operator. The app periodically downloads the new temporary exposure keys and uses them to derive the infected users’ rolling proximity identifiers for the recent past. It then matches the identifiers against those stored in the device’s memory and notifies the user if a risky exposure has occurred. The system uses no geolocation data whatsoever, including GPS data. So, the app cannot tell where the contact with a potentially contagious user took place, nor the identities of those involved. Besides the temporary exposure keys, the Immuni app also sends to the server some analytics data. These include epidemiological and operational information, and are sent for the purpose of helping the National Healthcare Service (Servizio Sanitario Nazionale) to provide effective assistance to users». https://github.com/immuni-app/immuni-documentation/blob/master/README.md
  • 30. 30 (5) «Immuni» Key findings - The Italian Ministry of Health is the Data Controller - Open source code: GNU Affero General Public License v3.0 - Decentrealized servers / encryption of data stored on the devices - Validation of health operator is intended to avoid the upload of false positive in the database - Upload of epidemiological information for health authorities - Personal data erased on 31/12/2020 - Three regions selected for testing the app (Liguria, which refused, Abruzzo and Puglia), not Ferrari (as it seemed at the beginning) https://github.com/immuni-app
  • 31. 31 (5) «Immuni» Legal Background - Article 6, D.L. 30 aprile 2020, n. 28, Misure urgenti per la funzionalita' dei sistemi di intercettazioni di conversazioni e comunicazioni, ulteriori misure urgenti in materia di ordinamento penitenziario, nonché disposizioni integrative e di coordinamento in materia di giustizia civile, amministrativa e contabile e misure urgenti per l'introduzione del sistema di allerta Covid-19 (GU n.111 del 30-4- 2020): - Comma 1: adoption of the exposure notification platform -> «Immuni» - Comma 2: Data Impact Assessment (art. 35 GDPR) and Data Protection Authority consultation - Comma 3: exclusion of processing for different purposes - Comma 4: no prejudice for non-adopters or opting-out - Comma 5: servers in Italy, provider in Italy, open code - Comma 6: expiration date of the data processing: 31/12/2020 - Comma 7: budget limit 1.500.000 euro
  • 32. 32 (5) «Immuni» Concerns - Cybersecurity. 13 May 2020, report from the Italian Parliamentary National Security Committee: company shareholders (not entirely Italians) - Data Impact Assessment (Article. 35 GDPR) not yet released by Ministry of Healtyù - Database provider, the Ministry of Health will delegate the handling to third parties (State-owned companies) which at the moment are not identified and the code has not been still implemented. - Limitations of liability for authors included in the License - Transparency (as of today it seems that the code released is not the final version) (https://www.infosec.news/2020/05/26/news/tecnologie-e-salute/sapete-che-con-immuni-non-ce-nessuna-garanzia-da-bending- spoons/)
  • 34. 34 (6) Conclusions TAKE AWAY (1) Privacy is not data protection, GDPR is not against healthcare (2) The perception of privacy depends on culture (private / public) (3) Individual usage is an issue (it is quite unlikely that these apps will be used by the majority of the population) (4) Some concerns have not raised the attention of the general public: (1) Private contact tracing apps (employers / employees) (2) Local contact tracing apps (municipalities, regions) (3) Interoperability among different national apps (German, Austrian, Italian) (5) COVID19 will pass (hopefully), but our society is changed quickly, deepl, and maybe forever (welcome to the XXI Century) </>

Editor's Notes

  1. https://innovazione.gov.it/tele-medicine-and-monitoring-systems-a-call-for-technologies-to-contrast-the-spread-of-covid-19/