swisscovid-app-android
Mistake in communicating how information is passed around
The model DPIA commissioned by the DP-3T consortium says quite explicitly that the beacon data transferred by one user to another should be treated as sensitive personal data (p 17).

On the other hand, the interface communicates in a few places that different processing operations are "anonymous". See for instance here.
Anonymous data has a specific meaning in EU data protection law, i.e. data that is not re-identifiable, and therefore not considered personal data.
Again, the model DPIA states that it is generally understood that what constitutes personal data is the same in Swiss and European law.

We see that there is thus a clash between how the app presents what it does and what it actually does from a legal standpoint, as interpreted by the lawyers hired by the DP-3T collaboration.
Additionally, this might be problematic in the future if the goal is indeed to guarantee interoperability. A user operating the Swiss app in Italy would be misled by the current interface. One might argue that this would be OK, as the app could be updated, but I don't see how this would be done, given that EphIDs are stored for a while. Additionally, this might lead to problems if multiple apps are installed on the same device.
The remedy is actually fairly simple: substitute "pseudonymously" for any current occurrence of "anonymously", since this would be more reflective of what is done and of the actual risk of re-identification (which underpinned the legal advice in the first place).