Dear President, Dear Ministers,
First, I would like to thank the Croatian Presidency for organising this extraordinary meeting. I believe it is very timely to discuss connectivity and the contact tracing app.
This pandemic knows no borders or nationality. Its rapid spread can only be stopped if we act together, with urgency, daring, responsibility, but above all in a spirit of unwavering solidarity.
As part of the instruments at our disposal are of course all the digital technologies as Margrethe said.
Contact tracing apps
First, on the contact tracing app, the Commission adopted a Recommendation of 8 April, which was followed up by a common EU toolbox (developed together with national authorities, through the eHealth network) and guidance on the respect of privacy and data protection (done after consultation of your national data protection authorities through the EDPB).
The purpose of contact tracing apps is to follow and – as much as possible – break the infection chains.
Many of you are working on such an app, as it could help a lot –complementing traditional contact tracing mechanisms – in the progressive lifting of the restrictions and restoration of free movement of people across our borders.
But in doing so, it is extremely important that we keep a European approach.
This approach – as expressed in the toolbox – is clear. These apps must be voluntary, transparent, temporary, cybersecure, using anonymised data, relying on Bluetooth technology and no geolocalisation and they must be inter-operable across borders (but also across operating systems).
The point on interoperability is crucial: EU citizens must be able to be alerted of possible contagion in a secure and protected way, wherever they are in the EU, and whatever app they are using.
I welcome therefore the ongoing technical work done with your services to set out general criteria of cross-border interoperability between all national apps. This is paramount, and we should ensure this work is translated into concrete results in the next 10 days.
We should not get divided between the two different approaches (centralised and decentralised) as in the end, there is always a back-end server, even in a so-called decentralised approach. The question is more which data goes on the server.
The toolbox allows for both approaches, with the same necessary safeguards, when it comes to the protection of privacy and security. Both have risks which needs to be catered for.
Regardless of the approach chosen, these apps should be run by the national health authorities. These authorities should have access to the possibility to adjust the parameters of the apps and the necessary information to monitor the efficiency of the measures taken.
In this perspective, it is imperative we present a common approach and common requirements to Google and Apple. This is what we are now working on together with you, also after the release of some elements of their approach yesterday.
Since their announcement on the joint development of an API weeks ago, the Commission has been in regular contact with Google and Apple. I personally spoke with the CEOs of both companies. My message to both was clear:
- Firstly, we appreciate the work done on interoperability of their OS. This is important.
- Secondly, their companies must act responsibly and do their utmost to find suitable technical solutions that make national apps work in compliance with the principles of the toolbox, including that the health authorities must remain in control.
- And thirdly, regardless of the technological solution used, we will not compromise on EU privacy rights.
Dear colleagues, on the matter of these apps, I would like to make a plea that we all speak with a single voice irrespective of the national technological solutions chosen, otherwise we risk undermining the trust of citizens in these apps.
I am therefore glad we are converging towards a common approach. Some details needs to be worked out. This should be done very quickly by our technical teams in the coming days.
Besides the contact tracing app, a second stream of discussions and activities focuses on how to facilitate the use of anonymised and aggregated mobility data, in the context of modelling the effectiveness of measures taken. This will be the topic of the second edition of the EU toolbox.
I want to highlight two aspects: This activity is not tracking and it is based on the needs of the authorities. The goal is to create datasets and measurement methodologies (based on epidemiologic data) which can inform decision makers and allow them to adopt the most appropriate policy on lifting restrictions.
This is in line with GDPR and e-privacy as long as they are aggregated and anonymised, as confirmed by the EDPS for the project we run with JRC.
Finally on Connectivity, I will not repeat what Margrethe said. I just wanted to add two main elements:
Firstly, at a time when so many Europeans are teleworking, we realise the value of having resilient digital infrastructures and the need to invest into connectivity. I really hope Member States will therefore support the level of budget allocated to the CEF Digital and the Digital Europe Programme.
Secondly, I would like to use this opportunity to emphasise the importance of Member States continuing to implement the recommendations of the 5G security toolbox, which sets out a joint approach based on an objective assessment of identified risks and of corresponding mitigating measures.
The toolbox was not the end of the process, only the beginning. The coming months will be an important test for our credibility as Europe. It is now important to keep the momentum going and maintain the commitment to work together on a consistent implementation of the toolbox across Member States.
Of course, I am fully aware that the current events may create some issues in the national processes, and lead to certain delays. But this crisis, if anything, should be an accelerator on the need to ensure the security of our networks. So I really count on you to implement this approach.