Abstract
In their efforts to curb the COVID-19 pandemic, many countries have introduced contact tracing apps installed on mobile phones with the aim of breaking chains of infection. This raises ethical and legal questions, as these apps have the potential to be used for surveillance of the population. There is pressure to set privacy and data protection aside to allow extensive collection and processing of personal data, while their benefits remain uncertain. The two versions of the Norwegian COVID-19 tracing app are used as a case study to explore how law and legal norms are made and implemented – or not – in the context of a public emergency. In Norway, the legal question of contact tracing apps has largely been limited to a question of compliance with the GDPR and has excluded a meaningful conversation about the use of apps as pandemic response tools and their impact on rights and freedoms. The normative argument of the article is that to combine a robust form of privacy and data protection with the use of digital tools in a crisis, we need to carefully scrutinize the effects technology choices have on human rights and the rule of law.
Highlights
The first Norwegian COVID-19 contact tracing app ‘Smittestopp’ was launched in April 2020
4.3.1 The bundling of purposes The Smittestopp 1 Regulation stated two purposes for the app: 1) enabling swift tracing of persons who may be infected by COVID-19, and giving advice to persons who may be infected; 2) monitoring the population to surveil the spread of the infection, and evaluating the effect of the infection control measures.[55]
The European Data Protection Board (EDPB) guidelines stated that large scale monitoring of location and/or contacts in COVID-19 tracing apps could ‘only be legitimised by relying on a voluntary adoption by the users for each of the respective purposes.’[61]. For Smittestopp, the voluntariness only extended to a choice of whether or not to use the app, and did not enable the user to choose voluntarily either of the two purposes
Summary
The first Norwegian COVID-19 contact tracing app ‘Smittestopp’ (hereinafter referred to as ‘Smittestopp 1’) was launched in April 2020. The app was one of the first to be introduced internationally, and one of the first to be withdrawn; in September 2020, it was officially cancelled by the health authorities, but only after reaching 1.5 million downloads, and attracting criticism from human rights organisations, privacy activists, the Norwegian Data Protection Authority, lawyers, technologists, and the Norwegian Parliament. The core of their critique was the intrusive nature of the app, which in effect could track users’ locations and interactions. Whereas the first version was criticised for being harmful, the second instalment has been criticised for being both harmless and useless
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
