Data protection called into question again. Police in Mainz, Germany, have drawn criticism by using an anti-Covid tracking app in an investigation to help bars and restaurants register their customers and supposedly protect user data.
At the origin of this case, which was made public recently, a man had a fatal fall outside a restaurant in Mainz on November 29, 2021. To find possible witnesses, the police decided to contribution to the Luca application, which assists restaurants and bars in registering customers to allow tracing in the event of contamination.
This access allowed them to contact 21 people, to whom the Mainz prosecutor’s office has since apologized. The local data protection commission has announced the opening of an investigation.
“The present case is serious, because the legal ban on using contact tracing data for police purposes is clearly and unequivocally enshrined in the law on infections”, which governs the German response to the Covid-19 pandemic, estimated, Tuesday January 11, Stefan Brink, data protection commissioner of Baden-Württemberg in the economic daily Handelsblatt.
A health service gave access to the data
The Luca app, which claimed more than 35 million users in Germany, records place and duration of stay, full name, address and telephone numbers. This German application contains several firewalls to protect data. Only a health service can thus have access to the data of registered customers.
To conduct their investigation, the police and the local prosecution approached a health service, which agreed to claim that a case of infection had been detected to give investigators access to the data.
The German company Culture4life, which operates this application, condemned “This misuse of Luca’s data collected for the protection against infections”. According to the company, requests of this type are regular but have never been acted upon.
For its part, the liberal FDP party, member of the new ruling coalition, is alarmed:
“Security breaches, how sensitive data is stored without effective protection as well as disgruntled health services and this case [à Mayence] rightly raise doubts about the Luca app and how to deal with the security issues raised. “