Applicability of European legislation for the protection of data while using tracing applications

Abstract Background Since the beginning of the COVID pandemic, Member States have started using tracing applications. The European Commission immediately confirmed the possibility of collecting personal data without the obligation to obtain the citizens’ consent. Aware of the threat of data breach, the Commission has tried to remedy the situation and has given up the recommendation followed by a guide on how to use the tracing applications. Methods In order to achieve the determination of the applicable European legislation, we used the doctrinal method in combination with the quantitative empirical research in the area of comparison of individual tracing applications. Results The geolocal applications are regulated by GDPR. Based on Article 6 (1) GDPR, Commission confirmed the possibility to restrict the citizens’ privacy. The Commission drew the attention to the collection of personal data based on the exception of “public interest” without necessity of the citizens’ consent. In combination with Article 23, the Member states may restrict the lawful processing of data by legislative measure for protection of “public health”. The applications using Bluetooth exposure notification system (ENS) do not operate with personal data. Thus, these are in general out of scope GDPR and regulated by the Directive on privacy and electronic communications. Article 15 of the Directive allows processing of communication without citizens’ consent for the reasons listed in paragraph 1, which did not include “public health”, therefore the applications cannot be use without citizen's consent. Conclusions The use of applications with geolocation allows Member states to process personal data without guarantees in order to protect public health. This approach is unacceptable in relation to the right to privacy. If a situation like the covid pandemic occurs again, exclusively applications with ENS should be used. The use of these applications, even in times of pandemic, is conditioned by the citizens’ consent. Key messages The project is expected to define applicable European legislation for using tracing applications and thus contributing to their safe use in the future with the least impact on citizens’ rights. The use of geolocal applications without legal proceeding of sensitive data contributed in 2020 to an increase of data breach up to 68%, thus it is necessary to adhere to the principles set by GDPR.


Issue:
The aim of the Horizon 2020 unCoVer project (Unravelling Data for Rapid Evidence-Based Response to COVID-19) is to coordinate research expertise in utilising Real World Data (RWD) to investigate the underlying risk factors for COVID-19 infection and severity, the effectiveness of treatments and the impact on health systems. RWD is particularly useful in a dynamic health context as it is relevant, timely, and more ecologically valid. Pooling clinical databases and integrating epidemiological principles and powerful biostatistical tools optimises resources and fully exploits routinelycollected data. Description of the problem: RWD sharing poses new practical and ethical challenges to research. The unCoVer network has developed a federated data platform to access diverse databases for advanced analytics. This data access process entails GDPR, and regulatory and ethical nuances. The use of large-scale data from heterogeneous sources across multiple jurisdictions for research purposes presents a complex systems challenge.

Effects & Lessons:
A dedicated team of unCoVer network members is responsible for addressing these challenges. Here, we describe the ethical and regulatory aspects of RWD sources, the role of the Data Protection Authorities and the Data Protection External Authority Board (DP-EAB) of the Uncover project, and the documentation involved, including a data processing agreement and a data transfer agreement. We provide an overview of the main principles for sharing RWD whilst maintaining integrity and security and how this translates into procedures to protect the rights, security, and well-being of human research participants. This represents a practical framework for researchers.

Key messages:
Sharing RWDs presents new practical and ethical challenges for research where large-scale datasets from heterogeneous sources across multiple jurisdictions must be arranged in a structured manner. Using the Uncover project framework, heterogeneous data can be shared and harmonized in a standard manner. This framework can be used in future RWD projects to generate real-world evidence.
Abstract citation ID: ckac130.061 Applicability of European legislation for the protection of data while using tracing applications

Background:
Since the beginning of the COVID pandemic, Member States have started using tracing applications. The European Commission immediately confirmed the possibility of collecting personal data without the obligation to obtain the citizens' consent. Aware of the threat of data breach, the Commission has tried to remedy the situation and has given up the recommendation followed by a guide on how to use the tracing applications.

Methods:
In order to achieve the determination of the applicable European legislation, we used the doctrinal method in combination with the quantitative empirical research in the area of comparison of individual tracing applications.

Results:
The geolocal applications are regulated by GDPR. Based on Article 6 (1) GDPR, Commission confirmed the possibility to restrict the citizens' privacy. The Commission drew the attention to the collection of personal data based on the exception of ''public interest'' without necessity of the citizens' consent. In combination with Article 23, the Member states may restrict the lawful processing of data by legislative measure for protection of ''public health''. The applications using Bluetooth exposure notification system (ENS) do not operate with personal data. Thus, these are in general out of scope GDPR and regulated by the Directive on privacy and electronic communications. Article 15 of the Directive allows processing of communication without citizens' consent for the reasons listed in paragraph 1, which did not include ''public health'', therefore the applications cannot be use without citizen's consent.

Conclusions:
The use of applications with geolocation allows Member states to process personal data without guarantees in order to protect public health. This approach is unacceptable in relation to the right to privacy. If a situation like the covid pandemic occurs again, exclusively applications with ENS should be used. The use of these applications, even in times of pandemic, is conditioned by the citizens' consent.

Key messages:
The project is expected to define applicable European legislation for using tracing applications and thus contributing to their safe use in the future with the least impact on citizens' rights. The use of geolocal applications without legal proceeding of sensitive data contributed in 2020 to an increase of data breach up to 68%, thus it is necessary to adhere to the principles set by GDPR.

Background:
Being ignored, one of the most common problems among young people, can occur not only in face-to-face communication but also through social media communication tools over the internet and is called cyberostracism (CO). The effects of cyberostracism on people are at least as effective as in real social life and can cause a wide variety of affective disorders. It is thought that the family, environmental factors and the individual's own personality traits effectively control such negative emotions. This study aims to evaluate the CO level and personality types of students who have just started university in Turkey.

Methods:
This cross-sectional study was conducted in 2021 spring semester and 3148 students in the first year of their university in Turkey constituted the study group. To evaluate the CO levels of the students, CO Scale (min-max score 14-70) and to evaluate the personality type, Ten Item-Personality Inventory (TIPI) was used. The questionnaire prepared in accordance with literature was filled out online by the students. Mann Whitney U, Kruskal Wallis analyses and Multiple Linear Regression was used.

Results:
In the study, 1847 (62.5%) were female and the mean age was 19.9AE1.8 years. The mean score obtained from the CO scale was 21.1AE8.1; 41.8% of the participants had the Agreeableness personality type. Male gender, extended family, not good at face-to-face communication with friends, creating a membership by hiding their identity in social media and being ignored in social media were predictive for CO (F: 69.176, R2: 0.172, p < 0.001) was shown in multiple linear regression.

Conclusions:
Distance education programs during the pandemic period have limited the face-to-face communication of young people, causing them to spend more time in cyberspace. Personality type has been an important factor affecting the level of cyberostracism by determining our behaviour when exposed to difficult life events. Key messages: Young people exposed to cyberostracism, may enter dangerous environments and groups that they think will be easily accepted in their real lives. It is thought that young people should be guided to use social media more consciously in the future in order to prevent cyberostracism. Background: The COVID-19 infodemic is putting pressure on public health systems to control the pandemic. With the internet and social media playing a key role in emergency communication, digital health literacy (DHL) can be considered a determinant of health. This study aims to assess the impact of infodemic on the skills of medical students, for whom low levels of DHL may affect the ability to identify the best available medical evidence.

Methods:
A cross-sectional web-based survey was conducted at the University of Florence (Italy) in Apr-May 2019 (pre-pandemic period) and in Nov-Dec 2020 (pandemic period) to investigate DHL skills. Two different cohorts of students, both in their first year of medical school, participated in the survey. The 8item self-assessment tool (IT-eHEALS) with a 5-point Likert scale was used to examine DHL. The change in perception of ability between the two cohorts was examined using the Wilcoxon test.

Results:
A total of 329 students participated in the survey in 2019 (F: 58.1%; mean age 20.6AE2.1) and 341 in 2020 (F:61.9%; mean age 19.8AE2.0). In 2019, participants' DHL level was moderate with a IT-eHEALS overall mean score (MS) of 28.4AE5.8. Students had a good idea of how to find helpful health information (MS 3.9AE0.8) and how to use the web for this purpose (MS 3.8AE0.9), but they were less confident about the usefulness of the information they received (MS 2.9AE1.1). In 2020, the medical students' DHL level deteriorated as the overall MS of IT-eHEALS decreased to 23.4AE7.2 (p < 0.01). The scores of the IT-eHEALS items were significantly lower and students indicated that they found it difficult to assess the information they found (MS 2.4AE1.1; p < 0.01).
Conclusions: DHL can contrast infodemic, but the latter in turn may have a negative impact on perceived DHL skills if personal knowledge base is not well structured. Training programmes for medical students as future health care providers should be reinforces to guide their practise.

Key messages:
Assessing digital health literacy is the first step in directing public efforts towards empowering educational programmes to improve health literacy. Medical students, as future health professionals, should be able to use the best evidence to help their patients identify healthy beliefs and behaviours to manage in health emergencies.
15th European Public Health Conference 2022