Data Protection Impact Assessment for the Corona App
arXiv - CS - Cryptography and Security Pub Date : 2021-01-18 , DOI: arxiv-2101.07292
Kirsten Bock, Christian R. Kühne, Rainer Mühlhoff, Měto R. Ost, Jörg Pohle, Rainer Rehak

Since SARS-CoV-2 started spreading in Europe in early 2020, there has been a strong call for technical solutions to combat or contain the pandemic, with contact tracing apps at the heart of the debates. The EU's General Data Protection Regulation (GDPR) requires controllers to carry out a data protection impact assessment (DPIA) where their data processing is likely to result in a high risk to the rights and freedoms of natural persons (Art. 35 GDPR). A DPIA is a structured risk analysis that identifies and evaluates the possible consequences of data processing for fundamental rights and describes the measures envisaged to address these risks, or states that they cannot be addressed. Based on the Standard Data Protection Model (SDM), we present a scientific DPIA that thoroughly examines three published contact tracing app designs considered to be the most "privacy-friendly": PEPP-PT, DP-3T and a concept summarized by Chaos Computer Club member Linus Neumann, all of which process personal health data. The DPIA starts with an analysis of the processing context and some expected use cases. Then the processing activities are described by defining a realistic processing purpose. This is followed by the legal assessment and threshold analysis. Finally, we analyse the weak points and the risks and determine appropriate protective measures. We show that even decentralized implementations involve numerous serious weaknesses and risks. Legally, consent is unfit as a legal ground, hence the data must be processed on the basis of a law. We also found that the measures to realize the rights of data subjects and affected people are not sufficient. Last but not least, we show that anonymization must be understood as a continuous process which aims at separating the personal reference and which is based on a mix of legal, organizational and technical measures. All currently available proposals lack such an explicit separation process.

Updated: 2021-01-20