|Risks and Legal Protection of Personal Data Under the Technological Measures for Pandemic Prevention in Germany|
|Infektionsschutzgesetz (IfSG), Corona-App, General Data Protection Regulation (GDPR), Protection of Sensitive Personal Data, Infection Tracing|
|11 NCTU L. REV., September 2022, at 135-204.|
|Since early March 2020, the daily number of confirmed COVID-19 infections has grown significantly in all states of Germany. To effectively curb the worsening pandemic, the German parliament quickly passed the “Gesetz zum Schutz der Bevölkerung bei einer epidemischen Lage von nationaler Tragweite” and the “Das Zweite Gesetz zum Schutz der Bevölkerung bei einer epidemischen Lage von nationaler Tragweite” in March and May respectively. It also approved the authorizations under the laws, which amended the provisions of the “Infektionsschutzgesetz” (IfSG). Articles 4 and 14 of the amended IfSG authorize the pandemic prevention agency “Robert Koch-Institut” (RKI) to develop an electronic reporting and information system that will be used to trace coronavirus infections and prevent its spread. The aforementioned “electronic reporting and information system” is the Corona-App developed and promoted by the Bundesministerium für Gesundheit (BMG) and RKI.
After a user has voluntarily installed the app, it will locate his or her position and transmit contact data to a server of the government agency in charge of pandemic prevention for real-time tracking of the user’s contact with any infected person within a certain distance and for the tracing of his or her movement. The transmitted data will be analyzed and used to quickly identify users who may have had contact with the infected person. They will be immediately recalled and isolated, and the next group of users possibly having had such contact will be identified. Even though the use of the app for pandemic prevention is legally permitted, its actual application has been controversial for the German academic circles in law and public health. When the app is running, all personal data collected by it is transmitted to the executive authorities for processing, regardless of whether such data is sensitive or ordinary. Therefore, it is inevitable that concerns arise over the infringement of personal and privacy rights due to misuse of personal data.
For opponents to the app, despite the voluntary nature of its use, it should not be hastily introduced because the law fails to specify the types, scope and methods of processing the personal data collected. For supporters of the app, however, excessive protection and overly conservative application of such data constitute a violation of the fundamental human rights in the “integrity of personal health”. Both supporters and opponents of the app have their own arguments, but there is a lack of consensus. In this respect, this article will analyze the legality issues and subsequent controversies of human rights relating to the use of tracking apps and other technological means by the German government for pandemic prevention from the perspectives of the EU’s “General Data Protection Regulation” (GDPR) and the domestic laws of Germany. The result of analysis will then be used for explanation of the solutions to the relevant legal controversies and serve as an important source of reference for the future research of laws on pandemic prevention.