We are now in a situation where both the @EU_Commission as well as the @Europarl_EN have adopted a more privacy friendly stance than the Data Protection Authorities. What a time to be alive... https://twitter.com/EU_EDPB/status/1252885832844955649
The @Europarl_EN “demands that all storage of data be decentralised” in Art. 52 of its resolution on EU coordinated action to combat the COVID-19 pandemic from 17.04.2020 https://www.europarl.europa.eu/doceo/document/TA-9-2020-0054_EN.html
The @EU_Commission at least states clearly that “the decentralised solution is more in line with the minimisation principle” - p. 11 of its Guidance on Apps supporting the fight against Covid19 pandemic in relation to data protection from 16.04.2020 https://ec.europa.eu/info/sites/info/files/5_en_act_part1_v3.pdf
On 19.04.2020 over 300 academics warned in an open letter about the dangers of the centralized approach https://drive.google.com/file/d/1OQg2dxPu-x-RZzETlpV3lFa259Nrpk1J/view #DP3T
And now of all actors the @EU_EDPB [sic] goes out and says that “Implementations for contact tracing can follow a centralized or decentralized approach” (p 9 https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_20200420_contact_tracing_covid_with_annex_en.pdf)
Hiding in a footnote that the decentralized approach is more in line with the minimisation principle doesn’t help - how can you say both are possible if one is clearly “more in line” with one of the core principles of european data protection law?