To help readers better understand its opinions and recommendations on the use of the StopCovid app, the CNIL answers some frequently asked questions.
The CNIL has issued two deliberations on the StopCovid app; they concern different areas but are related to each other.
What is the StopCovid app?
StopCovid is a mobile app created by the government as part of the overall strategy of progressive deconfinement. Available on smartphones, its objective is to alert users to a risk of contagion when they have been in contact with a user who is positive for Covid-19. It is a contact tracing tool, used on a voluntary basis, that relies on Bluetooth technology.
During its use, your smartphone stores a list of the temporary aliases of the devices that you have “crossed” in the last 14 days (this is called the “proximity history”). When a user becomes infected or tests positive for Covid-19, he/she can choose to send his/her contact data to the central server. Sharing data with this server is possible only with a single-use code supplied by a healthcare professional after a positive clinical diagnosis, or with a QR code given to the data subject at the end of the test.
The user's app then asks the server whether any of the identifiers associated with it were reported by a person diagnosed with or screened for Covid-19. Once informed that they are a “contact”, and therefore at risk, the person is invited in particular to consult a doctor.
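The flow described above, as a simplified model added here for illustration (it is not the StopCovid code or its actual protocol). The class names, the alias format and the way codes are issued are assumptions; only the 14-day window, the single-use code and the "ask the server about my own identifiers" step come from the text.

```python
import secrets

DAY = 86400
HISTORY_DAYS = 14  # proximity-history window given in the FAQ

class Phone:
    def __init__(self):
        self.own_aliases = []  # temporary aliases this phone has broadcast
        self.history = []      # (alias seen, timestamp): the "proximity history"

    def new_alias(self):
        self.own_aliases.append(secrets.token_hex(8))
        return self.own_aliases[-1]

    def prune(self, now):
        # Drop encounters older than the 14-day window before any upload.
        self.history = [(a, t) for a, t in self.history if t >= now - HISTORY_DAYS * DAY]

class Server:
    def __init__(self):
        self.codes = set()     # unused single-use codes
        self.reported = set()  # aliases reported as contacts; no reporter identity kept

    def issue_code(self):      # stands in for the healthcare professional / QR code
        code = secrets.token_urlsafe(8)
        self.codes.add(code)
        return code

    def upload(self, code, history):
        if code not in self.codes:
            return False       # unknown or already used code: reject
        self.codes.remove(code)
        self.reported.update(alias for alias, _ in history)
        return True

    def is_contact(self, own_aliases):
        return any(a in self.reported for a in own_aliases)

def run_demo(now=100 * DAY):
    server, alice, bob, carol = Server(), Phone(), Phone(), Phone()
    alice.history.append((bob.new_alias(), now - 3 * DAY))     # recent encounter
    alice.history.append((carol.new_alias(), now - 20 * DAY))  # outside the window
    alice.prune(now)
    no_code = server.upload("guessed-code", alice.history)
    code = server.issue_code()
    first = server.upload(code, alice.history)
    replay = server.upload(code, alice.history)
    return (no_code, first, replay,
            server.is_contact(bob.own_aliases), server.is_contact(carol.own_aliases))

if __name__ == "__main__":
    print(run_demo())
```

The server in this model keeps only the reported aliases, so a "contact" answer reveals nothing about who made the report.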
What is the CNIL role?
The CNIL issued two opinions (24 April and 25 May 2020), on the principle of implementing the app and on the draft order implementing the processing. In particular, it recalled that:
– Responsibility for the processing lies with the ministry responsible for health policy.
– No negative consequences attach to the choice not to use the app. This means that the government does not attach any legal consequences to the use or non-use of the StopCovid app, and no specific rights are reserved for those who use it.
– Additional security measures are implemented.
– The app implementation is limited in time.
– Other technical measures are implemented.
– Proximity histories are stored for a limited period of time.
In addition, it made recommendations on:
– increasing the information provided to users, in particular on the app's conditions of use and on how personal data are deleted;
– the need to provide specific information for minors and parents;
– free access to the mobile app and server code.
Once the app is distributed, the CNIL will pay close attention to the practical conditions of the system's implementation, and in particular to:
– its real usefulness, which will be studied further after its introduction. The application's implementation must be informed by periodic assessment.
– compliance with the planned duration of the system's implementation and the wiping of data at the end.
What do we mean by “a voluntary consent app”?
Everyone is free to use this app or not. This means that if you do not download the StopCovid app you cannot face legal consequences, and no special rights will be reserved for those who use it.
Is my anonymity guaranteed during the StopCovid app use?
Even if no directly identifying information (such as name and surname) is processed in the StopCovid app, the CNIL has recalled that this app is not “anonymous” within the meaning of data protection legislation.
In fact, smartphones exchange, with each other and with a central server, pseudonymous identifiers that are specific to them (number sequences unique to each terminal but with no direct meaning). These are personal data under the GDPR.
In any case, while the system does involve data processing, the CNIL considers that the use of pseudonymous identifiers minimises the possibility of identification.
Why does the CNIL emphasise the app utility and the system proportionality?
The CNIL recalls, in its opinions, that respect for private life and the protection of personal data require that any interference with those rights by the authorities be necessary and proportionate to the aim pursued.
So, the StopCovid app can be implemented only if its usefulness for managing the crisis is proven (necessity), in particular in the deconfinement phase, even if there are particular guarantees (proportionality).
The CNIL notes that, in terms of proportionality, some guarantees are provided:
– the absence of negative consequences attached to the choice not to use the app;
– the temporary nature of the device;
– the minimisation of the data collected and processed;
– the implementation of security measures.
However, CNIL considered that the effective impact of the system on the overall health strategy should be assessed on a regular basis in order to ensure its usefulness over time.
Can minors be excluded from this system? What are the points of attention?
The possibility that minors can download and use the StopCovid app leads the CNIL to pay particular attention to the information given to individuals.
In its resolution of 25 May 2020, the CNIL invites the Ministry to add, to the information provided, specific content for minors and their parents.
What will happen to my data? How long will they be stored?
The duration of the system's implementation is different from the data storage period.
The implementation period is 6 months by the end of the health emergency period, like “ContactCovid” and “SI-DEP”, systems that it can complement as part of the global deconfinement strategy.
While some data need to be stored for the whole period of the app's implementation so that it works (keys and identifiers associated with the applications), the proximity histories of people diagnosed or tested positive, and the temporary identifiers exchanged between applications together with their timestamps, are kept for 15 days (recommendation of Public Health France and the Ministry of Health).
At the end of these periods, your personal data must be deleted.
Can your data leave the European Union?
Data cannot be shared outside the EU and will also be stored inside the EU.
How can I have access to data?
First, the CNIL observed in its opinions that the application:
– uses pseudonymous identifiers;
– will not allow the identification of people contaminated with COVID-19 to be reported, and that no link will be maintained between contaminated persons and the list of people they may have exposed.
So, it underlines that only a few subcontractors are authorised to access the data on the central server, and only within the limits of their purpose (hosting, system maintenance, etc.). This access takes place only for and on behalf of the Health Ministry, which is responsible for the processing.
How can CNIL guarantee that the app does not work after the crisis when I still have it on my smartphone?
Use of the app is voluntary: users can, at any time, cancel their registration with the server and/or uninstall the app from their smartphones.
Therefore, the CNIL recalls that it will pay attention to compliance with the planned duration of the system's implementation and the deletion of the data. In particular, if it wishes, it can carry out the necessary checks within its supervisory powers.
If I decide to use this app, what are my rights?
Since use of the app is voluntary, the CNIL recalls the importance of being able to object to the processing of personal data so as to have it deleted.
The CNIL noted, in its opinion of 25 May 2020, that the procedures for exercising the rights of objection and deletion have already been provided for in the Data Protection Impact Assessment (AIPD) that was submitted to it as part of the examination of the file.
This requires that the user request the deletion of their own data stored on their smartphone, as well as the data held on the central server, directly through a feature of the application. In addition, you can also stop using the app at any time by unsubscribing from the server or uninstalling it from your smartphone in order to exercise your right to object.