Charter for developing a COVID-19 contact mapping and m-Health application

All parties of this collaboration subscribe:

• the “Joint civil society statement: States use of digital surveillance technologies to fight pandemic must respect human rights” (see Joint Civil Society Statement) issued on 02/04/2020, in particular the eight conditions outlined that need to be met when digital surveillance is used in this COVID19 crisis;
• the call made by the European Data Protection Supervisor on 06/04/2020 “to make sure that any measures taken at European or national level are:
• Temporary – they are not here to stay after the crisis.
• Their purposes are limited – we know what we are doing.
• Access to the data is limited – we know who is doing what.
• We know what we will do both with results of our operations and with raw data used in the process – we know the way back to normality.”
• the Commission Recommendation of 08/04/2020 on a common Union toolbox for the use of technology and data to combat and exit from the COVID-19 crisis, in particular concerning mobile applications and the use of anonymised mobility data.

To that end, all parties commit to respect the following principles:

• All parties are fully aware of the sensitive nature of the data that is collected and of the ensuing moral responsibility, necessitating the prevention of possible stigmatisation. Parties will act accordingly and have translated this into the privacy and security policy, and into this charter.
• All efforts are destined to leverage the power of multidisciplinary research, technology, analytics and data protection to respond to the COVID-19 pandemic, including the phasing out of restrictive measures in an exit strategy.
• All parties create full transparency through open sourcing all components.
• All parties fully respect citizen-users’ fundamental rights and autonomy, including by making data processing dependent on their consent, regardless of the legal basis for processing.
• All parties oppose an application which should be mandatorily used by citizens.
• All parties seek full integration in a government-led testing and care strategy, whilst preventing access to non-anonymised data by governmental authorities other than properly legally mandated public health authorities or research institutions, subject to explicit user consent.
• All parties oppose use for policy or law enforcement purposes of the insights created through data analysis, unless based on anonymised data.
• As researchers, parties prioritize the societal responsibility over potential research value of the data that is collected. Any data that cannot be truly anonymised will be deleted once it has no more value for the primary purpose of responding to the pandemic, including the phasing out of restrictive measures in an exit strategy.
• All parties commit to not engage in any commercial exploitation of the data collected and to oppose any such exploitation by third parties, even where it concerns anonymised data.