
2020.04.27

PEPP-PT backers, including at least seven national governments, have not given up on the "centralized approach" to privacy protection

Hello, this is Mitsuhiko Maruyama.

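There are two ways to store the records used to identify people who have been in close contact with someone who tested positive: sending the data to a central location (centralized) and keeping the contact history on each individual device (decentralized). From a privacy-protection standpoint the latter is preferable. Since either method is sufficient for letting a person know that they have had close contact, if that is the only purpose, the decentralized approach is the desirable one.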

According to Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT), its backers, including at least seven national governments, have apparently not given up on the "centralized approach" to privacy protection.

TechCrunch / TechCrunch Japan

・2020.04.18 Europe’s PEPP-PT COVID-19 contacts tracing standard push could be squaring up for a fight with Apple and Google by Natasha Lomas

・2020.04.25 Europe asks Apple and Google to change their API over privacy protection in COVID-19 contact-tracing technology

 

In this article,

-----

The resolution recently passed by the European Parliament also backs decentralized contact tracing.

-----

there is the statement above; paragraphs 51-53 of the resolution appear to be the relevant part.

-----

51.
Takes note of the Commission’s plan to call on telecoms providers to hand over anonymised and aggregated data in order to limit the spread of COVID-19, of national tracking programmes already in force, and of the introduction of apps allowing authorities to monitor movements, contacts and health data;

52.
Takes note of the emergence of contact-tracing applications on mobile devices in order to warn people if they were close to an infected person, and the Commission’s recommendation to develop a common EU approach for the use of such applications; points out that any use of applications developed by national and EU authorities may not be obligatory and that the generated data are not to be stored in centralised databases, which are prone to potential risk of abuse and loss of trust and may endanger uptake throughout the Union; demands that all storage of data be decentralised, full transparency be given on (non-EU) commercial interests of developers of these applications, and that clear projections be demonstrated as regards how the use of contact tracing apps by a part of the population, in combination with specific other measures, will lead to a significantly lower number of infected people; demands that the Commission and Member States are fully transparent on the functioning of contact tracing apps, so that people can verify both the underlying protocol for security and privacy, and check the code itself to see whether the application functions as the authorities are claiming; recommends that sunset clauses are set and the principles of data protection by design and data minimisation are fully observed;

53.
Calls on the Commission and the Member States to publish the details of these schemes and allow for public scrutiny and full oversight by data protection authorities (DPA); notes that mobile location data can only be processed in compliance with the ePrivacy Directive and the GDPR; stresses that national and EU authorities must fully comply with data protection and privacy legislation, and national DPA oversight and guidance;

-----

 
