Authorities in Germany faced increasing criticism on Tuesday over their misuse of a COVID contact tracing app to investigate a case.
The case exemplifies concerns voiced by data protection experts. It also plays into the hands of protest groups that staunchly oppose all pandemic curbs and voice skepticism over COVID vaccinations, politicians have warned.
The incident concerns authorities in the city of Mainz. At the end of November, a man fell to his death after leaving a restaurant in the city, prompting police to open a case.
While trying to track down witnesses, police and prosecutors managed to successfully petition local health authorities to release data from the Luca app, which logs how long people stayed at an establishment.
Authorities then reached out to 21 potential witnesses based on the data they had unlawfully acquired from the app.
Reports on the case, which emerged last week, sparked widespread outrage.
Public prosecutors in Mainz said in a statement that they've launched an inquiry and are ensuring "that the relevant data will not be used further."
To date, there are no other known cases in which police managed to get data from the app for investigations.
What does the app do?
The Luca app works by logging the amount of time that patrons spent at a restaurant, bar or cultural event.
Users enter their personal information into the app. They can then scan a QR code at a restaurant or event and log out when they leave.
In the event that someone tests positive for COVID-19, local health authorities can more easily identify and alert people who may have been exposed to the virus.
The use of the Luca app and others like it have relieved some of the paperwork burden for restaurants, bars and event organizers — who, in the early stages of the pandemic, were required to have customers write down their contact details on pieces of paper.
The app is also subject to Germany's strict data protection laws.
The only way to retrieve the data is if the local health department and the establishment both give their consent to unencrypt the personal data.
Once it is no longer encrypted, only local health departments are permitted to have access to the personal details of the patrons. Furthermore, the data can only be used in the event of chasing a potential infection chain.
What has the response been?
The app's developers, culture4life, sharply criticized the actions of authorities in Mainz.
"We condemn the abuse of Luca data collected to protect against infections," the company said in a statement.
Culture4life added that it receives frequent requests for its data from the law enforcement — but those requests are routinely denied.
Members of Germany's ruling coalition, which comprises the Social Democrats, Greens and Free Democrats, have also voiced concern over the case.
Konstantin von Notz, a senior member of the Greens, warned that abuse of the app could undermine public trust and hamper efforts to stem rising COVID-19 cases.
"We must not allow faith in digital apps, which are an important tool in the fight against COVID-19, to disappear," he told Tuesday's edition of Handelsblatt newspaper.
Some politicians even called for people to delete the app from their phones — a position staunchly opposed by one of the app's developers.
German rapper Smudo helped develop the app, and is a business partner in the venture, to enable his band and other musical acts to once again perform live.
"I think it's irresponsible that calls from one or two politicians — who I'd never heard of before — could lead prompt people in the middle of this pandemic situation to delete the Luca app," Smudo told the mass-circulation Bild newspaper.
"Whoever is clinging to the edge of a cliff doesn't simply throw away a rope," the rapper said.
rs/wmr (dpa, AFP)