EDPB adopts statement on the interoperability of contact tracing applications

During its 32nd plenary session, the the European Data Protection Board (EDPB) adopted a statement on the interoperability of contact-tracing applications. The statement offers an in-depth analysis of key aspects, including transparency, legal basis, controllership, data subject rights, data retention and minimisation, information security, and data accuracy in the context of creating an interoperable network of applications that need to be considered on top of those highlighted in the EDPB Guidelines 04/2020. The EDPB emphasises that the sharing of data about individuals that have been diagnosed or have tested positive with such interoperable applications should only be triggered by a voluntary action of the user. Giving data subjects information and control will increase their trust in the solutions and their potential uptake. The goal of interoperability should not be used as an argument to extend the collection of personal data beyond what is necessary.