Berlin, Düsseldorf Access by the Mainz police to personal data from the Luca contact tracking app met with sharp criticism. The officials had used data from visitors to a restaurant in an investigation into a death.
“The present case is so serious because the legal ban on using contact tracking data for police purposes is clearly and unambiguously written in the Infection Act,” said Baden-Württemberg’s data protection officer, Stefan Brink, to the Handelsblatt. “It is hard to believe that the security authorities could have waived the ban on use in this case.”
The Mainz public prosecutor’s office has already admitted that there was no sufficient legal basis for data access. According to its own statements, the authority had approved the access. 21 potential witnesses were contacted by phone. The prosecutor apologized to those affected. First the Südwestrundfunk (SWR) reported on the case.
The Luca app is intended to help restaurant owners and event organizers to do the legally required recording of visitor contacts without a mess of paper. Digitally, among other things, location and duration, full name, address and telephone numbers are saved and secured against access.
Top jobs of the day
Find the best jobs now and
be notified by email.
The investigation followed the fall of a man on November 29th last year after leaving a restaurant, as a result of which he died a few days later, as the SWR reported. With the data query, visitors to the restaurant were found in order to win them as possible witnesses.
CEO of the Luca app: Police inquiries almost daily
Patrick Henning, CEO of Luca operator culture4life, reports almost daily inquiries from public prosecutors or the police about the release of user data. These would always be rejected. In any case, the data protection of the application is structured in such a way that the operators have no access to user information. “We condemn this misuse of the data collected by the Luca app for infection protection,” said a company statement.
To prevent misuse, Luca has a special security concept. The data could only be made available if the respective health department and the respective company gave their consent in the event of an infection and used individual keys to decrypt the data, explained culture4life: “The data can then only be viewed by the respective health department.”
In the present case, the health department probably simulated an infection when pressure was or requested from the police and obtained the consent of the company to provide the data.
“Unfortunately, we experience time and again that the police and public prosecutor’s eagerness for clarification does not stop at clear legal bans on data protection,” says data protection officer Brink. The case in Mainz is also “worrying” because the health department made “massive mistakes”.
“In order to bypass the intrinsically good system of encryption of contact data by the Luca app, not only did the police have to ignore the legal prohibition on exploitation, the health department had to play along and fake a deliberately inaccurate infection situation,” explained Brink.
There was obviously no actual case of infection here. “It takes a certain audacity as a health department to comply with the wishes of the police in such a case,” criticized Brink. “In Baden-Württemberg in such a situation we would not only object to the behavior of the authorities, but also insist that all those involved be disciplined and retrained.”
The Rhineland-Palatinate state commissioner for data protection, Dieter Kugelmann, said that his authority would make a request for information to the health department and the public prosecutor. Proceedings are then likely to be initiated and, in the end, the illegality will be objected to. The unlawful use shook many people’s trust that the fight against pandemics would remain within the legal framework, said Kugelmann, referring to the complaint emails he had received.
Greens recommend Corona warning app instead of Luca
Brink fears disadvantages for Luca in view of the “state misconduct”. Despite an appropriate security concept, the app would have to accept “eminent damage to its reputation”. “Although Luca’s security architecture is completely acceptable, the number of voices will now increase again that insist on decentralized data storage such as the Corona warning app and emphasize that contact tracking that uses less personal data is also less is easy to abuse. “
After the incident, the Greens came out in favor of digital alternatives to contact tracing. “We must not allow trust in digital applications, which are an important building block in the fight against Covid-19, to wane,” said the Deputy Chief of the Green parliamentary group, Konstantin von Notz, to the Handelsblatt.
“The best protection of personal data is guaranteed by using applications that do not collect this data in the first place and yet noticeably relieve the health authorities in tracking contacts.” He is thinking above all of the Corona warning app.
Rapper Smudo (“Die Fantastischen Vier”), who helped develop the app, rejected the statements as irresponsible. Luca effectively helps to break chains of infection every day, especially with a view to the new virus variant Omikron, said the musician of the “Bild” newspaper.
If a federal state decides against it, that does not justify a Germany-wide appeal. “Anyone who hangs on the steep slope doesn’t throw away a rope.”
More: Ulrich Kelber: “Not a single measure to combat pandemic has failed because of data protection”