Contact Tracing Apps (Filiation-Contact Tracking Monitoring) Applications And Life Fits Home Application Legal And Technical Evaluations

  1. Introduction
    As of June 2020, when this text was written, it is seen that the applications, which are the fragment of a brand new era that will start in the world with the COVID-19 (coronavirus) Pandemic, which has reached an impact equivalent to World War II all over the world as of June 2020, which will apparently grow even more, are only in its 6th month as of today, with reference to the date of the officialisation of the virus. So much so that; the change and transformation process we are in has further increased our need to predict the already uncertain future, and after COVID, the first new normal of our lives, it has given birth to many x-variables, of which the systems they are part of are also uncertain.

    In this process, many sectors, applications and business models transferred to online channels with the extraordinarily accelerated digital transformation have brought along many ‘new generation’ question marks regarding data and information in general and personal data in particular, which this text will focus on. For this reason, the European Union countries, which have the longest history in the field of data protection, have tried to rapidly implement the procedures and principles of the ‘General Data Protection Regulation’ (GDPR), and a number of other countries have tried to implement regulations regarding the processing and protection of personal health data, especially by considering the GDPR or their local data protection legislation provisions.

    Contact Tracing Monitoring and Common Applications
    One of the most important of these regulations is undoubtedly ‘contact tracing’, i.e. ‘filiation’ practices, which are practices and approaches created to monitor the potential risk of disease transmission by monitoring the coordination of the contact history of the person with other persons. It is legally possible for authorised institutions and organisations to resort to such methods in order to protect public health and thus ensure public order and public security, and it is indisputable that human rights and data confidentiality and security must be observed in such cases. However, in practical applications, it is highly controversial whether this operation is actually carried out in compliance with these principles.

    The transparency of the People’s Republic of China, the source from which the outbreak spread to the world, since the first day of the outbreak, and the measures implemented to prevent the outbreak have always been a subject of debate and will continue to be discussed in the following period. In China, where the outbreak has almost disappeared as far as it has been reported to the foreign public, location tracking is at the forefront of the measures implemented in this context, and in this respect, contact history tracking of individuals. This very strict and strictly applied measure is carried out with WeChat and Alipay applications, which are not very common in the western half of the world, but cover many services such as social media and messaging in the eastern half. With this application, in which people are classified with red, yellow and green colours according to their disease status, many personal data, including health, are processed. The Chinese government, known for its authoritarian and dominant character, makes these applications compulsory for citizens and attributes its success in combating the epidemic to this strict implementation. Immediately after China, which is one of the first implementers of location tracking, all countries of the world have carried out a number of studies on contact tracing respectively. Although the dynamics and systems used in each application may be different, one thing is certain that these applications process, record and use many footprints of individuals, especially health data, for many purposes.

    Security vs Privacy
    Like the competition of rights and freedoms in the human rights system of the legal order, perhaps the conflict between the ‘interest obtained’ and the ‘value to be protected’, which has been going on since the birth of the concept of ‘personal data’, also manifests itself here. In its announcement on the subject, the Global Privacy Assembly (GPA) stated that in this period, it is necessary to aim to protect public trust in contact tracing activities, especially data protection institutions should take an active role in order to raise awareness and consciousness in terms of data privacy and protection, the ‘privacy by design’ approach, which is one of the most basic principles of data protection, should be applied and operational processes should be transparent and in accordance with the legislation.

    In our country, the Personal Data Protection Authority has also expressed its opinion on this issue as ‘to ensure the isolation of persons diagnosed with an epidemic disease during the period of contagiousness in order to eliminate this threat in cases that threaten public order and public security such as epidemics, the data processing activities to be carried out by authorised public institutions and organisations in order to identify crowded areas and develop measures in this context by processing the location data of the general population are considered within the scope of Article 28/1/ç of the Law’ and that “there is no obstacle to the processing of location data by public institutions and organisations within the scope of the provision of the said article”.

    It seems that at the very beginning of the pandemic process, some opinions gathered in the direction that data processing activities could be carried out differently than normal, partly due to panic and partly due to the inexperience of not experiencing such a situation before in history, were gathered at the point that these activities must be implemented by observing the basic principles and principles. In fact, there are some data protection authorities who have changed their views on this issue in the process.

    Life Fits Home
    Hayat Eve Sığar Mobile Application is a mobile application developed by the Ministry of Health in order to inform and guide citizens about COVID-19 and to minimise the risks related to the pandemic and prevent its spread. The latest feature added to the programme, which has been developed with various updates since its first publication, is the ‘HES Code’. Within the scope of controlled social life, the HES Code will be an application that allows citizens to securely share whether they carry any risk in terms of COVID-19 during intercity journeys, institutional visits or public spaces that require individual communication and to track the outbreak.

    The application, which shows the level of the epidemic in the location where the person is located and even the locations of family relatives together with the HES Code, has divided our citizens into two as ‘those who do not install it for privacy reasons’ and ‘those who install it anyway’ since the day it went live. One of the most curious questions is which data the application can access after it is installed. As questioned by a service provider, the application has the ability to access sensitive GPS and network-based location information, camera, contacts, wireless connections and full network, Google service configuration access and bluetooth settings. Considering that location services and bluetooth applications are the main methods used in location tracking, it remains a question mark why the application has access to the camera or contacts.

    Another sub-heading of contact tracking applications is the ‘centralised’ or ‘decentralised’ management of the application. The difference of both systems, which basically use bluetooth technologies, is the degree of privacy rules used. Namely; while decentralised software is more compatible with the principles of data security and privacy, centralised software is considered more risky due to the security vulnerabilities experienced in third party transfers, especially governments, where the data of the person concerned is collected in a single centre. In particular, while decentralised software stands out with the use of blockchain technologies as the most well-known decentralised system and the correct application of anonymisation and data security protocols, it is accepted that centralised systems should not be preferred due to the existence of security vulnerabilities and high error rates in operations to be performed on data such as anonymisation.

    In this process, new applications created by both governments and private enterprises aim to have a decentralised structure, while the Hayat Eve Sığar application uses a centralised system that opens data to the direct access and control of government agencies. In the light of the above-mentioned data security and privacy principles, it would be quite appropriate to use a decentralised software in our country. For this reason, Apple and Google, the giants of the mobile operating system in the world, have just announced their software with a decentralised system. Based on the acceptance of ‘Data – the new currency’, which is one of the important expressions of the last period, there is no doubt that there will be many different expansions and developments that will occupy the agenda in the coming period, especially within the scope of contact tracing applications. Even before the trailer of the new era mentioned above is over, companies are competing fiercely at the point of collecting data on individuals with the undeniable effect of the COVID process.

    The future
    On the one hand, while the COVID struggle continues in the world, on the other hand, answers are sought to many question marks that will clarify the new normal regulations. Perhaps the most important of these question marks is whether people will be more protectionist or whether a more flexible and collaborative future based on data sharing awaits people in this brand new age, which is called the ‘Digital Age’ and which we are intertwined with most of its experts but which always seems far away. The mechanisation of people, a society of control and surveillance with microchip tracking, digital inequality, fluctuations in perceptions of trust and similar examples will perhaps be the ‘new normal’ that the COVID era will accustom the world to.

    The process tried to be summarised briefly will of course require a long time. However, in my opinion, trying to predict the effects of each implementation in the next decade and century will be the most useful and responsible approach for humanity.