Presentation Hong Kong 2021

The document discusses Italy's COVID-19 tracking app called Immuni, which uses a decentralized approach to contact tracing that stores data locally on users' devices rather than a centralized server. It summarizes the app's characteristics including how it collects anonymized data about proximity contacts and exchanges encrypted metadata between smartphones. The document also examines privacy issues, the balance between public health and individual rights, and debates around technology's role and potential biases in pandemic response.

Uploaded by

elena_fa

Privacy Protection, big data gathering and public health issues:
COVID-19 tracking app use in Italy

Elena Falletti, Carlo Cattaneo University, Italy

Human Sovereignty and Machine Efficiency in the Law


January 14-16, 2021, The Chinese University of Hong Kong
The Italian tracking app Immuni
● The emergency regarding the containment of
COVID-19 outbreak
● Two different approaches
– The centralised model (in which anonymised data
gathered are uploaded to a single national remote server)
– The decentralised model (that keeps personal information
on the users’ device)
● Role of Google/Apple infrastructure
● Italian choice: the Immuni app
The Italian regulation
● Italian Constitution: Article no. 13 (Right to freedom) and Article
no. 16 (Freedom of movement)
● Article no. 7 and no. 8 of the Charter of Fundamental Rights of
the European Union
● Article no. 5 GDPR
● Article no. 28 GDPR
● Article No. 9 E-privacy Directive
● Article No. 15 E-privacy Directive
● Article n. 6 Law-Decree 28/2020 (Decree-Law, amended and
converted by L. 25 June 2020, n. 70)
Characteristics of Immuni/1
● Collection of big data and management through a black box
● National platform system management alert
● The “Immuni app” is intended for recording only contacts
between subjects who have also downloaded the application
● Privacy protection, individual consent, and local data
management are considered preferable to mandatory
traceability
● Explicit and informed consent given by the interested party
who has downloaded the app on his/her smart device
Characteristics of Immuni/2
● The processed data collected regards proximity
contacts
● Data retention is limited to the strictly necessary
time
● According to the Italian Government, privacy
protection, individual consent, and local data
management were considered preferable to
mandatory traceability and centralised
management of the same data
Characteristics of Immuni/3
● Why is this so?
- privacy by design
- preventing third party access to personal data
collected on the smartphones by sending a package of
personal information linked to a double exchange of
anonymised code
● The aim of this process is to prevent the recombination
of the anonymised data with the decoding keys that
could be able to reconstruct user identity
Immuni tracking process
● The starting point regards contact tracing, which identifies
contacts between smartphones and exchanges encrypted
metadata stored in each smartphone.
● It is possible through random, pseudo-anonymised and dynamic
identifiers such as:
- The RPI (Rolling Proximity Identifier), which is produced
by secondary and random keys
- i.e. the RPIK (Rolling Proximity Identifier Key).
● These keys are produced by primary keys such as the TEK
(Temporary Exposure Key) which have a longer duration than
the RPI.
Inferential re-identification

● This tracking methodology falls down on the
“disconnection” of the tracing data from the
identity of the users
● This is the so-called “inferential
re-identification” by users to reconstruct the
contact chain backwards up to the person at
the origin of the infection
A crossroad opens up
● It may be asked whether “an act of trust” is enough to
implement a tracking infrastructure that is extraneous to
European jurisdiction proposed by Google/Apple approach.
- This should be prevented in favour of EU member states’
jurisdiction.
● On the other hand, it may be considered whether releasing an
open source programme code is a proper solution, enhancing the
retention of data on personal devices instead of on a platform,
although the law itself allows such data to be used in
aggregate or anonymous form for public health or scientific
purposes.
The Italian case
● In the Italian case, this platform is managed by the
Ministry of Health which, through a “Diagnosis
Server”, exchanges the daily TEK identification data
associated with positive cases, verified with the list of
RPIs stored on the same smartphone during a specific
time.
● In this procedure the Apple/Google software acts like a
bridge, permitting the verification of the steps backwards
by reconstructing the data collected (TEK, RPIK, RPI) in
order to trace the reference device from which the
contagion alert was sent.
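The TEK, RPIK and RPI chain from the "Immuni tracking process" slide and the Diagnosis Server check from this slide, as an added example that is not part of the presentation or of Immuni's own code. It assumes the key derivation of the public Google/Apple Exposure Notification cryptography specification (HKDF-SHA256 and AES-128); the key values, the interval number and the names Alice, Bob and Carol are constructed.

```javascript
// Added example: TEK -> RPIK -> RPI derivation and on-device matching.
const crypto = require('node:crypto');

const INTERVALS_PER_TEK = 144; // one TEK spans 144 ten-minute intervals (24 h)

// RPIK = HKDF-SHA256(TEK, empty salt, info "EN-RPIK"), 16 bytes of output.
function deriveRpik(tek) {
  return Buffer.from(crypto.hkdfSync('sha256', tek, Buffer.alloc(0), 'EN-RPIK', 16));
}

// RPI = AES-128(RPIK, "EN-RPI" || 6 zero bytes || interval as uint32 LE).
function deriveRpi(rpik, interval) {
  const block = Buffer.alloc(16);
  block.write('EN-RPI', 0, 'ascii');
  block.writeUInt32LE(interval, 12);
  const aes = crypto.createCipheriv('aes-128-ecb', rpik, null);
  aes.setAutoPadding(false); // exactly one 16-byte block, no padding
  return Buffer.concat([aes.update(block), aes.final()]);
}

// Run on the phone: re-derive every RPI of each published TEK and compare
// with the RPIs heard over Bluetooth. Observed RPIs never leave the device.
function matchExposures(diagnosisKeys, observedRpis) {
  const seen = new Set(observedRpis.map((r) => r.toString('hex')));
  const hits = [];
  for (const { tek, startInterval } of diagnosisKeys) {
    const rpik = deriveRpik(tek);
    for (let i = 0; i < INTERVALS_PER_TEK; i++) {
      const rpi = deriveRpi(rpik, startInterval + i).toString('hex');
      if (seen.has(rpi)) hits.push({ interval: startInterval + i, rpi });
    }
  }
  return hits;
}

// Constructed sample data (not real keys).
const DAY_START = 2683872; // Unix time / 600 at the start of a constructed day
const aliceTek = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const carolTek = Buffer.from('f0e0d0c0b0a090807060504030201000', 'hex');
// Bob's phone heard Alice during interval +50, plus one unrelated identifier.
const bobObserved = [deriveRpi(deriveRpik(aliceTek), DAY_START + 50), Buffer.alloc(16, 0xab)];

function demo() {
  const day = (tek) => [{ tek, startInterval: DAY_START }];
  return {
    alicePositive: matchExposures(day(aliceTek), bobObserved),
    carolPositive: matchExposures(day(carolTek), bobObserved),
  };
}
console.log(demo());
```

The server only ever receives the TEKs of users who report a positive result; a match also tells the receiving phone which ten-minute interval the contact fell in, which is the raw material for the inferential re-identification concern raised earlier.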
A matter of worthiness choices?
● Two alternatives could be kept in mind:
1) it might be wondered whether turning to an
assumed redemptive power of technology is
acceptable, since technology should be
capable of “bypassing” and resolving
autonomously such legal issues through an
authoritative power of Government
A matter of worthiness choices?/2
2) the second option regards the decision whether
complying with the traditional hierarchy of legal sources,
starting from the source of protection of inviolable rights, should
be preferable.
● In any case the juridical form of the technological tool (i.e.
Immuni) is important, and legitimates the scaffolding that for
reasons of protection of public health imposes very invasive
restrictive measures on the personal freedom of each person.
Nevertheless, the tracking app should be adopted within the
limits set by the Constitution, which in these serious
circumstances seem weak.
Neutrality and blindness
● The app architecture should be detailed with the prior
assessment of the effects and possible impacts on the rights
and freedoms of the persons concerned
● Technology is not neutral even if it is blind (C. Schmitt)
● On the contrary, blindness can lead to serious discrimination in
its use
● The sensitive issue regards the fact that these data do not
concern only protection of health, but also other fundamental
personal goods and rights involved in data proceedings, such
as personal freedoms or the right of movement and assembly
Some final remarks
● As of 11 January 2021 Immuni has been downloaded
10.139.326 times, with a strong increase in recent
weeks, sending 84.460 notifications and reporting 8.469
positive users (source: Immuni website).
● These data suggest that the rate of utilization (and of
feedback in the tracing of positives) was scarce
● Indeed, it reveals a serious problem concerning the
ability to trace, and thus isolate, the contacts of positive
persons.