Martim Bouza Serrano, Partner and Coordinator of CCA's Technology, Media and Telecommunications Department, in statements to Observador, comments on the use of digital contact tracking solutions to detect a person infected with the new coronavirus contact network in the days prior to diagnosis. In Portugal, two projects have been developed to carry out this monitoring, none of which is yet operational in the country.
According to Martim Bouza Serrano, "as a general rule, there is no need to request authorization" from the CNPD for the creation of this data, because since the GDPR (General Data Protection Regulation) was created, entities are responsible for data processing. However, CCA's partner argues that there is a need for a "health entity that validates the data" for the effectiveness of these systems and that can safeguard any information that may be "understood as personal data". That is to say, to prevent the app’s information from being misrepresented, such as the software itself.
He also adds that, in case of health data, there must always be an "express consent" on the way in which the data is used, that is, the App must have an authorization request for each situation, installation is not enough. "I am curious to see how this implementation will unfold, it will not be enough to simply accept the terms and conditions", underlines Martim Bouza Serrano.