European countries form coalition over contact tracing app concerns

Several European countries, including Switzerland and Germany, are demanding all user data generated by coronavirus contact tracing apps be stored on-device, rather than aggregated on a centralized server.

With talk of lifting border restrictions taking place, European countries begin voicing their concerns over the ethical deployment of contact tracing apps. A new coalition led by Switzerland and backed by countries like Germany, Austria, Finland, and Italy, is concerned that contact tracing apps could be used to spy on citizens. They argue that data should be stored locally on a user's device, rather than held by government health officials.

This approach dovetails with the goals and implementations provided through Apple and Google Exposure Notification project. Apple and Google's API uses Bluetooth tracking tokens stored on a user's device to alert them when they've come in contact with someone who has tested positive for COVID-19.

The coalition has laid out a roadmap to enable national apps to exchange data and handle infections when people travel abroad. The primary goal is to help countries create a decentralized system that can still accurately alert those who may have been exposed to the virus.

The document states that everything must take place on a user's device, from generating identifiers to computing risk of exposure. They also clarify that any apps should be limited to distributing COVID-positive data, and not broadcast any information of those who have not tested positive.

"Everything about these projects has from Day One been about how we can make it work on an international level," Marcel Salathe, a digital epidemiologist at the Swiss Federal Institute of Technology in Lausanne, told Reuters.

However, both the U.K. and France argue that citizens should trust health authorities to hold the information on a central computer server. The U.K.'s National Health Service announced that they would utilize their own centralized contract-tracing system, rather than deploying the exposure notification technology being developed by Apple and Google.

Australia has taken a similar approach to user data, giving users the option to upload their health data to a web server owned by Amazon Web Services.