Search
Content type: Examples
FullScreen Research claims that in the competitive German food delivery market, Lieferando uses automation to monitor its employees and that Wolt violates labour laws by paying couriers in cash and employing them illegally A former supervisor with Lieferando says that the system flags up abnormalities for a team of watching agents, who see each courier's exact location and are supposed to ask drivers the reason for delays. Lieferando denies that it illegally controls drivers'…
Content type: Examples
German data protection authorities have ruled that the use of Microsoft Office 365 in schools is not compliant with GDPR, citing a lack of transparency around how and where Microsoft processes and stores student data as well as the potential for third-party access. German federal and state data protection authorities have been looking at how to improve Office 365 for two years but deems changes Microsoft has made insufficient to bring the software into compliance.
https://www.computerweekly.…
Content type: Examples
A new requirement to wear wear masks in public in order to curb the spread of the coronavirus poses a problem in France and Belgium, where laws prohibit wearing face coverings, with health as the only allowed exception.
In France, where the law was passed in 2010, between 2011 and 2017 1,830 Muslim women were fined for wearing veils and 145 were warned. The law does not state how to distinguish when face coverings are worn for health reasons rather than religious belief.
This leaves…
Content type: Examples
Germany’s contact tracing system is thought to have been critical in controlling the COVID-19 outbreak, especially given superspreader events such as infections in meat packing plants. Each of Germany’s 16 federal states is responsible for health, and together with the national Robert Koch Institute they support authorities at city or council level, who are responsible for outbreak investigation and management, including contact tracing.
The country dubbed COVID-19 a notifiable disease early,…
Content type: Examples
A study describes the data transmitted to backend servers by the Google/Apple based contact tracing (GAEN) apps in use in Germany, Italy, Switzerland, Austria, and Denmark and finds that the health authority client apps are generally well-behaved from a privacy point of view, although the Irish, Polish, Danish, and Latvian apps could be improved in this respect. However, the study also finds that the Google Play Services component of the apps contacts Google servers as often as every 20 minutes…
Content type: Examples
The German health minister, Jens Spahn, said the country required advice from the country’s ethics council before it could use the millions of antibody tests it had procured from the Swiss pharmaceutical company Roche to help determine how freely people could move around the country. Spahn cited the risk that people would try to get themselves infected if immunity passports appeared to promise greater freedom.
https://www.reuters.com/article/health-coronavirus-germany-antibodies/armed-with-…
Content type: Examples
At the end of March, jointly organised by the Robert Koch Institute (Germany’s public health body), the German Centre for Infection Research, the Institute for Virology at Berlin’s Charite hospital, and blood donation services, researchers planned to begin conducting blood tests among the general public in order to determine how many people test positive for antibodies to the coronavirus. Gerard Krause, head of epidemiology at the Helmholtz Centre for Infection Research, and Brauinschweig,…
Content type: Examples
Germany’s “Corona-Warn” contact tracing app amassed 6.5 million users (7.8% of the German population) in the first 24 hours after its June 16 launch despite setbacks that included disputes over data privacy and functionality. The app was developed in six weeks by a team of developers and engineers from Deutcsche Telekom and SAP and is built on the Apple-Google notification framework. In a poll conducted by ARD around the time of the app’s launch, 42% of Germans said they would use the app,…
Content type: Examples
Local health authorities in Germany have relied on human contact tracers since the country confirmed its first COVID-19 cases early in 2020, and say that doing so has helped the country keep its death rate comparatively low even with a less restrictive lockdown than many other countries. Germany aims to have 16,000 contract tracers overall, or five for every 25,000 people. Tracing involves phoning each newly-diagnosed patient and asking their movements; those who have been in close contact for…
Content type: Examples
A data breach that posted 100 to 200 names, email addresses, and encrypted passwords online was found in the Belgian Covid-19 Alert! app, one of seven candidates for adoption by the Dutch government. The app identifies phones that have been close to each other via Bluetooth signals and can send them a message when one owner tests positive. The developers said the data leaked from a database relating to another project when the source code was hurriedly placed online for government scrutiny.…
Content type: Examples
Three days after announcing Germany would adopt the centralised Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) standard for contact tracing, the country's chancellery minister Helge Braun and health minister Jens Spahn announced they would instead use the decentralised approach backed by Apple, Google, and other European countries. While both standards rely on Bluetooth connections between nearby phones, PEPP-PT would have required Apple's cooperation to implement, and the company…
Content type: Examples
Germany's federal agency responsible for disease control and prevention, the Robert Koch Institute, has teamed up with the health technology start-up Thryve to develop an app called Corona-Datenspende ("data donation") that works with a variety of smartwatches and fitness wristbands. The app is designed to use the device's sensors to collect user data, and includes algorithms to it to spot symptoms linked to COVID-19 and help predict the spread and containment of the virus. More than 50,000…
Content type: Examples
On March 24 the German Bundestag passed a comprehensive amendment to the Infection Protection Act that authorises the Federal Ministry of Health to implement measures for medical care without the consent of the Federal Council. These include the ability to impose curfews and travel restrictions, override patent protection for medical products, and issue ordinances creating other exceptions to the law. The Federal Data Protection Commissioner criticised the proposals because he doubted whether…
Content type: Examples
Researchers at Germany's Robert Koch Institute and Fraunhofer Heinrich Hertz Institute are working on an app that uses Bluetooth connections between smartphones and is compliant with GDPR to anonymously save the distance and duration of contact between people on the smartphone to make it possible to digitally reconstruct infection chains. The idea is being copied from Singapore's TraceTogether app, which detects other users who have also installed the app. If someone tests positive, they can…
Content type: Examples
The Belgian Minister of Public Health has approved a programme under which telephone companies Proximus and Telenet will transfer some of their their data to the private third-party company Dalberg Data Insights in order to help combat the coronavirus epidemic; Orange has also agreed "in principle". The details are still to be agreed pending a legal and technical analysis of the proposed project. So far it has been reported that location data and real-time tracking would be used to assess the…
Content type: Examples
Technology entrepreneurs within Belgium would like to introduce a health code app similar to China's Alipay Health Code that would control individuals' movements based on their health status. The government has engaged privacy experts from the Belgian data protection authority and Ghent University to consider the possibility, despite the country's strict privacy laws, which have no equivalent in China..
Source: https://www.apache.be/gastbijdragen/2020/03/18/hoe-het-…
Content type: Examples
The German mobile operator Deutsche Telekom announced in a press conference on RKI Live that it had passed on, anonymised, its users' movement data to the Robert-Koch Institute to study the extent to which the population would follow the government's restrictions. RKI president Lothar Wieler said this data is also available for purchase, but was given to RKI at no charge.
Source: https://frask.de/coronavirus-deutscher-mobilfunkbetreiber-gibt-bewegungsdaten-weiter/
Content type: Examples
A Hamburg geotracking startup called Ubilabs is working with the Hannover School of Medicine on a data analysis platform that could track people who have tested positive for the coronavirus and their contacts, Der Tagesspiegel reported on Tuesday; this type of tracking would require individuals' consent to have a legal basis for processing.
Source: https://www.nytimes.com/reuters/2020/03/11/technology/11reuters-health-coronavirus-privacy-explainer.html
Content type: Examples
A review of European privacy laws considers whether the tracking and monitoring methods China used to shut down the COVID-19 epidemic are in compliance with GDPR. The French data protection authority CNIL says employers are not allowed to take mandatory temperature readings from employees or visitors or require them to fill out compulsory medical questionnaires. Italy passed emergency legislation requiring anyone who has recently stayed in an at-risk area to notify health authorities. Germany…
Content type: Examples
A 19-year-old medical student was raped and drowned in the River Dresiam in October 2016. The police identified the accused by a hair found at the scene of the crime. The data recorded by the health app on his phone helped identify his location and recorded his activities throughout the day. A portion of his activity was recorded as “climbing stairs”, which authorities were able to correlate with the time he would have dragged his victim down the river embankment, and then climbed…
Content type: Key Resources
In the lead up to the 2017 German federal elections, there was much debate about the benefits and dangers of data analytics for political purposes. There were some controversies concerning the use of data and the lack of information provided by political parties also raised concerns.
Content type: Examples
Following Ms. Vestager’s investigation into Amazon and its own sector enquiry into online price comparison services in October 2017, in June 2018 the German Federal Cartel Office (“Bundeskartellamt”) claimed that it “received a lot of complaints” and is said to be “looking at the role and market power of Amazon” with regards to Amazon’s hybrid function. (Nicholas Hirst, MLEX, 27 June 2018, Amazon’s ‘hybrid function’ catches eye of German antitrust enforcers.) Germany is Amazon’s…
Content type: News & Analysis
The first half of 2018 saw two major privacy moments: in March, the Facebook/ Cambridge Analytica scandal broke, followed in May by the EU General Data Protection Regulation ("GDPR") taking effect. The Cambridge Analytica scandal, as it has become known, grabbed the attention and outrage of the media, the public, parliamentarians and regulators around the world - demonstrating that yes, people do care about violations of their privacy and abuse of power. This scandal has been one of…
Content type: Examples
In the lead up to the 2017 German federal election (Bundestagswahl), all political parties used social media like Facebook, Twitter, Instagram, YouTube, and e-mails as platforms to reach voters.
The far-right Alternative for Germany party (AfD) reportedly hired a Texas-based company for their campaign. Harris Media is known for their work with Republican, far-right and nationalist candidates in the US and worldwide. In 2017, Privacy International revealed that Harris Media was behind the…
Content type: Examples
In the lead up to the German elections, the conservative Christian Democratic Union (CDU) created a mobile app, Connect 17, which was designed to create a feedback loop between party headquarters and door-to-door volunteers (also known as canvassers).
The app drew on data from the federal statistics office and polling agencies. It let canvassers decide routes, record whether anyone was home, and whether a conversation had been successful. It also allowed canvassers to compare their…
Content type: Examples
The Sunday edition of the national newspaper Bild reported that Chancellor Angela Merkel's conservative Christian Democrats (CDU) party and the centre-right Free Democrats (FDP) party purchased "more than a billion" pieces of personal data about potential voters from a subsidiary of Deutsche Post, which offered target-mailing concepts to its clients. The Deutsche Post subsidiary, Deutsche Post Direkt, rejected these claims.
Instead, Deutsche Post is reported as insisting that it never…
Content type: Examples
Police in the German state of Hesse are using a bespoke version of Palantir's Gotham software system, specially adapted for the police force. Palantir CEO Alex Karp sits on the board of the German mega publisher Axel Springer.
Publication: WorldCrunch, Jannis Brühl
Date: 20 November 2018
Content type: News & Analysis
Private surveillance companies selling some of the most intrusive surveillance systems available today are in the business of purchasing security vulnerabilities of widely-used software, and bundling it together with their own intrusion products to provide their customers unprecedented access to a target’s computer and phone.
It's been known for some time that governments, usually at a pricey sum, purchase such exploits, known as zero- and one-day exploits, from security researchers to…
Content type: News & Analysis
The reports of Universal Periodic Review (UPR) Working Group for the States under Review at the 24th session in January 2016 were adopted during the last Regular Session of the Human Rights Council, which took place from 13 June to 1 July 2016.
Of the 14 Member States being reviewed, Privacy International with co-submitters presented reports on the right to privacy in Denmark, Paraguay, Belgium, Estonia, Namibia, and Singapore.
The growing number of…
Content type: Advocacy
This stakeholder report is a submission by Privacy International (PI), the Liga voor Menserechten and the Ligue des droits de l'Homme. PI is a human rights organisation that works to advance and promote the right to privacy and fight surveillance around the world. PI wishes to bring concerns about the protection and promotion of the right to privacy in Belgium before the Human Rights Council for consideration in Belgium's upcoming Universal Periodic Review.