Privacy issues arise as governments track virus

Mass tracking of people's smartphone data on movements and location is one such worry.

Although the EU's general data protection regulation (GDPR) gives people ownership over their data, it also allows competent public health authorities and employers to process it when a pandemic strikes.

That point was driven home by the head of the EU's data protection board Andrea Jelinek, who warned governments any extra processing of personal data must not be irreversible.

She said location data in principle can only be used when made anonymous or with the consent of individuals.

Jelinek noted the EU's ePrivacy directive, for example, enables member states to introduce legislative measures to safeguard public security.

"Such exceptional legislation is only possible if it constitutes a necessary, appropriate and proportionate measure within a democratic society," she said.

Germany, for instance, earlier this month amended its GDPR-enabling legislation to allow for processing personal data in the event of an epidemic.

Poland's threaten to send the police

But some practices and proposals floated among EU states appear to be already pushing the boundaries of what is legal.

In Poland, a government ministry has rolled out an 'Home Quarantine' application that requires people in isolation to take geo-located selfies of themselves.

Once an SMS is sent instructing them to snap a photo, they have 20 minutes or risk having police dispatched to their homes.

In France, an amendment to an emergency bill is asking lawmakers to rubber-stamp telecoms data collection for six months.

Belgium proposed three months. The plan, first floated by two tech entrepreneurs and later endorsed by the government, requested telecom data from all Belgians.

Meanwhile, Austrian telecom operator A1 has granted limited government access to anonymised location data for only the first two Saturdays in March.

Telecom operators are also offering up people's data elsewhere in Europe.

German mobile operator Deutsche Telekom is sharing anonymised users' movement data with the Robert-Koch Institute. The data is being used to see if people respect government restrictions in the wake of the pandemic.

In Italy, Vodafone is producing an aggregated and anonymous heat map for the Lombardy region to help the authorities better understand population movements.

"It may become increasingly important for governments to understand people's movements to contain the spread of the virus, especially inside and to/from areas under quarantine," it said, in a statement.

Critics warn that even anonymised data has potential pitfalls.

"Monitoring the movements of all citizens - even without names - does not protect anyone from infection, but it makes unprecedented mass surveillance possible," said German MEP and Pirate Party member Patrick Beyer, in a statement.

He said the analysis of bulk location data risks setting a precedent for real-time identification of people that may seek to challenge those in power later on.

The Big Brother approach to data collection on national security grounds has already landed Belgium, France and the United Kingdom at the European Court of Justice in Luxembourg.

Although the case is still ongoing, an opinion earlier this year by the advocate general said such measures must be targeted, temporary and used only in cases of imminent danger.