Many countries have introduced mobile phone apps for the purpose of contact-tracing. While the use of apps in itself isn't problematic, a number of elements have to be taken into account.
In certain cases, the apps collect more data than is strictly necessary. Broadly, there are two kinds of contact-tracing apps: one relies on Bluetooth, and therefore only registers which other citizens you have been near; the other relies on GPS data and therefore stores exactly where citizens have been, which is more problematic. Certain apps collect far more data than is necessary and proportionate to halt the spread of the virus, forcing users to grant permissions to access media files and call logs on their phones and to grant full network access. Governments should take care to obtain individual and informed consent from users for each type of data they wish to collect.
Concerns have been raised about where the collected data is stored, for how long, and whether it is sufficiently secured. Certain countries are using centralised databases, which pose a bigger risk to the security of citizens' information (in this case extremely sensitive information) than decentralised storage on individual citizens' phones. In other cases the data ends up in the hands of private, for-profit corporations.
In some countries citizens are obligated to install a contact-tracing app, in some cases under penalty of fines and jail time.
Apps should be developed with safety, privacy and data protection in mind. If safety and security issues concerning data occur, this should be communicated to people. There should be transparency and accountability in the way that data is used and the extent to which people's privacy is infringed on.
Creators of apps in the EU need to adhere to the EU's General Data Protection Regulation, which guarantees certain rights to consumers. Violators can face large fines if found guilty of transgressions. This law has inspired many similar data protection laws around the world. However, even more can be done on an international level to create standards for data protection.
Civil society could help to voice people's concerns. An example of this is a lawsuit filed against Zoom by a watchdog group over allegedly false data protection claims.
Citizens can also make use of other mechanisms already available to them such as lawsuits, protests and petitions.
There should also be certain rights built into apps such as the right to be forgotten.
Against this background, these concrete suggestions can be made:
Either there is no data collection, or data collection is necessary (1) and proportionate (2) (data collection has a demonstrable effect on alleviating the corona-crisis and the information cannot be gathered any other way). Individual and informed consent is obtained from users (3), alternatives are offered (4), data is adequately protected and will not be shared with third parties (5), and data will be deleted after a clear and appropriate timeline (6).