Authorities in Germany are facing intense backlash from privacy advocates in the country for using data from a COVID-19 contact tracing app to track down witnesses to a crime.
What are the details?
The outcry, which stems from November of last year, started after a man fell and died while leaving a restaurant in the German city of Mainz, located roughly 30 miles southwest of Frankfurt, the Daily Mail reported.
Following the incident, police made the questionable decision to use information shared on the COVID-tracking app, Luca, to gather potential witnesses. The app, however, was not created to aid criminal investigations, but rather to help trace the spread of the coronavirus by allowing users to record visits to bars and restaurants.
Luca reportedly accomplishes its goal by tracking the length of time users spend at an establishment and logging a user’s full name, address, and telephone number.
The app is protected by Germany’s strict privacy laws and, as such, when users agree to join the app, they expect that their data will be protected. Under German law, information from the app cannot be accessed by non-health authorities for use in criminal prosecutions, the Washington Post reported.
Nevertheless, authorities in Mainz successfully appealed to local health authorities to gain access to the contact information for 21 people who were present at the time of the incident, according to Luca’s tracing data.
The move sparked immediate criticism from members of the public. Prosecutors have since apologized to the people involved in the probe, and the local data protection authority has opened an inquiry into the incident.
The company that developed the app, Culture4Life, said in a statement, “We condemn the abuse of Luca data collected to protect against infections,” according to the Daily Mail.
Culture4Life added that it routinely receives and rejects requests from law enforcement seeking its tracing data. The company added that since the data is encrypted to ensure users’ privacy, it is unable to access that information. Health authorities are only allowed to decrypt the information if someone at a venue is infected.
“In this case, the health department probably simulated an infection under pressure or requests from the police and obtained the consent of the company [the restaurant] to provide the data,” the organization reportedly suggested.
Several German lawmakers denounced the incident and subsequently warned it could undermine future efforts to track the virus’ spread.
“By doing this, the police erodes trust in the use of technology that can be useful to combat the pandemic,” said Bijan Moini of the Society for Civil Rights, a Berlin-based watchdog, according to the Post.
He added that “every such incident … and there were others in the past … has to be viewed in a long line of the state not restricting itself to the purposes it once defined in order to justify ever more data processing.”
Konstantin von Notz, a lawmaker for the German Greens, reportedly told the Handelsblatt newspaper, “We must not allow faith in digital apps, which are an important tool in the fight against covid-19, to disappear.”
Mainz authorities have reportedly not responded to the Post’s request for comment.