For a European management of the fight against the SARS-CoV-2 pandemic
The SARS-CoV-2 pandemic, which has been hitting Europe hard for several months, has not been anticipated by anyone including the European Centre for Disease Prevention and Control, 1 the core functions of which include surveillance of infectious diseases and epidemic intelligence. Governments of EU member states took action, which led some commentators to celebrate the return of nation states and the collapse of the EU.
Divided in cacophony
Public health falls within the responsibility of member states. It is not a shared competence of the EU. There is accordingly no EU health policy as such.
In the case of the SARS-CoV-2 pandemic, governments of EU member states reacted to the development of the pandemic by taking inconsistent decisions without first conferring together. Decisions taken by governments are based on opinions of national experts who advise them. The role of experts is therefore comparable to that played by DPOs as advisors.
In the case of the SARS-CoV-2 pandemic, experts however hold different opinions — even at national level — and no scientific consensus is accordingly available. This situation should have provided additional reasons for member states to coordinate their domestic decisions at the level of the EU.
The lack of coordination has led to a patchwork of inconsistent decisions taken by governments of EU member states which have been ranging from no lockdown in Sweden
to a “targeted lockdown” in The Netherlands and much stricter lockdowns in neighbouring Belgium, France, Italy and Spain. These inconsistencies have unsurprisingly resulted in an overwhelming chaos and negatively affected the effectiveness of domestic decisions.
It is regrettable that a Board of independent experts has not been urgently appointed to advise decision-makers at the EU level. Regarding the protection of personal data, the European Data Protection Board (EDPB) precisely plays a comparable role of advisor to decision-makers. The SARS-CoV-2 crisis calls for a European governance of public health. The European governance of data protection could provide a source of inspiration to that effect.
Apples and oranges
To assess the efficiency of domestic decisions, basic data such as the number of confirmed COVID-19 cases, deaths and recoveries needs to be collected. Such collection also falls within the responsibility of EU member states. The latter do however not apply any common and transparent methodology to collect this data. Criteria for calculating the number of deaths caused by COVID-19 differ by member state of the EU. Member states accordingly report COVID-19 fatality numbers differently.
For instance, some member states of the EU exclude from the number of COVID-19 deaths patients suffering from a pre-existing pathology, such as a heart condition which causes the death, whilst tested positive for COVID-19. Other EU member states such as Italy however elected to include in the total number of COVID-19 deaths patients who tested positive for COVID-19 but died from another pathology. This methodology has contributed to the high mortality rate in Italy in comparison to other member states of the EU.
Taking such methodology even further, Belgium includes all potential deaths in nursing homes even if COVID-19 has not been confirmed as the cause of death. The Belgian catch-all approach has led to a reporting system which differs from every other member state’s method of counting. Conversely, the Netherlands only registers COVID-19 as the cause of death when a person has tested positive for the virus.
This lack of uniform methodology negatively affects the reliability of the collected data. It also negatively affects the analysis of the data and the value of such analysis. This situation calls for a coherent collection of data by member states of the EU as a pre-requisite for meaningful comparisons and appropriate assessments about the effectiveness of decisions made.
One pan-European mobile application?
On 6 April 2020, the European Data Protection Supervisor (EDPS) called for a single “pan-European model ‘COVID-19 mobile application’, coordinated at EU level” with strong built-in data protection to be developed and used across the EU instead of every member state developing and using its own. The Commission has however declined to consider the development of a pan-European application. On 8 April 2020, the Commission stated that a pan-European approach is necessary for COVID-19 mobile applications and that they must comply with applicable rules on the protection of personal data.
Some member states of the EU have already been or are in the process of developing a proliferation of state-specific mobile applications using a plethora of widely different processing of personal data. Poland was the first member state of the EU to launch a mobile application. The “Home Quarantine” app is mandatory to monitor whether infected and quarantined data subjects comply with their confinement. It tracks the user’s location while they are in compulsory self-isolation, requires data subjects to take and upload selfies when prompted so that officials can pinpoint their exact location to prove that they are quarantining properly and retains personal data for six years. Germany, Ireland, France, Italy, Spain, The Netherlands, Hungary and Denmark have also announced their plans for their own mobile applications.
As for environmental issues to which it may be linked, the SARS-CoV-2 pandemic calls for a strong governance by the EU. The individual level of member states is inappropriate to take effective action. Different national methodologies to collect data, national tools and a hodgepodge of domestic mobile applications can simply not be effective in the context of the EU. The last few weeks have certainly displayed a lot of diversity. It is now high time to put the emphasis on unity. At the international level, the SARS-CoV-2 pandemic also calls for a strong governance by the United Nations and coordination by the EU with the World Health Organisation.
| This guest blog was written by Xavier Tracol, Senior Legal Officer at the Data Protection Office of EUROJUST. The views expressed herein are those of the author in his personal capacity and do not necessarily reflect those of EUROJUST or the EU in general.
More blogs on Law Blogs Maastricht