Ericson Scorsim. Advogado e Consultor em Direito da Comunicação, com foco em tecnologias, mídias e telecomunicações. Doutor em Direito pela USP.

A Autoridade Europeia de Proteção de Dados (European Data Protection Board) aprovou as diretrizes sobre a proteção de dados de geolocalização para fins de rastreamento de contatos no contexto da pandemia do coronavírus.[1] Segundo o documento, a utilização do mecanismo da coleta de dados de geolocalização para o rastreamento das pessoas infectadas pelo coronavírus é uma importante de política pública de saúde. Nesse sentido, um dos pilares para realização da política pública de saúde é a utilização de dados de geolocalização de modo anonimizado (sem a identificação do titular do dado) para a realização do monitoramento dos casos de coronavírus. Pelas tecnologias digitais e através dos serviços dos provedores de serviços de telecomunicações e internet, é possível rastrear a rede de contatos das pessoas infectadas com o vírus.

Regra de consentimento do usuário quanto à coleta dos dados

A coleta de dados de geolocalização deve seguir as diretrizes estabelecidas na ePrivacy (Diretriz sobre privacidade), o qual condiciona o acesso aos dados mediante o consentimento do titular dos dados.

Regras sobre a reutilização dos dados

Além disto, há regras para a reutilização dos dados coletados pelo operadores de serviços de telecomunicações e internet. Assim, o processamento de dados deve seguir a regra do consentimento do usuário, bem como deve estar ajustada as medidas de proporcionalidade quanto à sua finalidade. Portanto, o foco é na utilização nos dados de geolocalização de forma anonimizada (sem a identificação do titular).  Segundo o ato: “The concept of anonymisations is prone to being misunderstood and is often mistaken for pseudonymisation. While anonymisation allows using the data without any restriction pseudonymised data are still in the scope of the GDPR”.  E existem riscos à privacidade e à garantia da anominizacão que devem ser evitados durante a execução da política de rastreamento do coronavírus: “A single data pattern tracing the location of na individual over a significant period of time cannot be fully anonymised. This assessment may still hold true if the precision of the recorded geographical coordinates it not sufficiently lowered, or if details of the track are removed and even if only the location of places where the data subject stays for substancial amounts of time are retained. This also holds for location data that is poorly aggregated”. E prossegue o texto sobre as práticas para se garantir a efetiva anominização: “To achieve anonymisation, location data must be carefully processed in order to meet the reasonability test. In this sense, such a processing includes considering location datasets as a whole, as well as processing data from a reasonably large set of individuals using available robust anonymisation techniques, provided that they are adequately and effectively implement. Lastly, given the complexity of anonymistion processes, transparency regarding the anonymisation methodology is highly encoraged”.

Risco de monitoramento de geolocalização em larga escala de invasão à privacidade

E, ainda, o texto reconhece que a prática de monitoramento de geolocalização em larga escala representa verdadeira invasão de privacidade, daí a necessidade de limites. Eis o texto: “The systemic and large scale monitoring of location and/or contacts between natural persons is a gravfe intrusion into their privacy. It can only be legitimised by relying on a voluntary adoption by the users for each of the respective purposes. This would imply, in particular, that individuals who decide not to or cannot use such applications should not suffer from any disadvantage at all”.

Transparência nas medidas de coletas de dados e responsabilidade das autoridades nacionais de saúde

E, ainda o texto, para garantir a transparência, refere-se à necessidade das autoridades nacionais de saúde serem os responsáveis pelo controle do processamento dos dados. Segundo o texto: “To ensure accountability, the controler of any contact tracing application should be clearly define. The EDPB considers that the national health authorities could be the controlers for such application; other controllers may also be envisaged. In any cases, if the deploymenet of contact tracing apps involves different actors their roles and responsabilities must be clearly establhished from the outset and be explained to the users”.

Princípio da limitação da coleta de dados à finalidade pública

Além disto, o princípio da limitação à finalidade impõe restrições ao processamento de dados: “In addition, with regard to the principle of purpose limitation, the purpose must be specific enough to exclude further processing for purposes unrelated to the management of the COVID-19 health crises (e.g.) commercial or law enforcement purposes). Once the objective has been clearly defined, it will be necessary to ensure that the use of personal data is adequate, necessary and proportionate”.

Princípio da minimização na coleta de dados

Também, há referência da observância do princípio da minimização dos dados (menor interferência possível) no design dos produtos e serviços nos procedimentos do rastreamento dos contatos: “In the context of a contact tracing application, careful consideration should be given to the principle of data minimisation and data protection by design and by default: contact tracing apps do not require tracking the location of individual users. Instead, proximity data should be use; as contact tracing applications can function without direct identification of individuals, appropriate measures should be put in place to prevent re-identification; the collected information should reside on the terminal equipment of the user and only the relevant information should be collected when absolutely necessary”.

General Data Protection Rule e a Saúde Pública

Segundo General Data Protection Rule (GDPR) o processamento de dados é permitido na hipótese de necessidade por razões de interesse público na saúde. Este ato permite a coleta de dados de saúde para fins de pesquisas científicas e o propósito de estatísticas.

Crise não pode ser oportunidade para retenção desproporcional de dados

Mas, segundo as Diretrizes da Autoridade Europeia de Regulação de Dados, a crise não pode ser uma oportunidade para a retenção desproporcional de dados. Conforme o texto: “The current health crisis should not be used as an opportunity to estalhish disproportionate data retention mandates. Storage limitation should consider the true needs and the medical relevance (this may include epidemioly-motivated considerations like the incumbation period, etc) and personal data should be kept only for the duration of the COVID-19 crisis. Afterwards, as a general rule, all personal data should be erased or anonymised”.

Medidas de compliance quanto à coleta dos dados

Há medidas para garantia a equidade, transparência e compliance em relação aos dados:  “In order to ensure their fairness, accountability and, more broadly, their compliance with the law, algorithms must be auditable, and should be regularly reviewed by independt experts. The application’s sour code should be made publicly available for the widest possible scrutiny”.

Correção dos rumos da coleta de dados de falsos positivos

Ademais, é necessário para corrigir os rumos diante de casos de falsos positivos:  “False positivs will always occur to a certain degree. As the identification of an infection risk probably can have a high impact on individuals, such as remaining in self isolation until tested negative, the ability to correct data and/or subsequent analysis results is a necessity. This, of course, should only apply to scenarios and implementation where data is processed and/or stores in a way where such correction is technically feasible and where the adverse effects mentioned above are likely to happen”.

Princípio da minimização do impacto da coleta de dados

E sobre o princípio da minimização do impacto da coleta de dados: “According to the principle of data minimization, among other measures of Data Protection by Design and by Default, the data processed should be reduced to the strict minimum. The application should not collect unrelated or not needed information, which may include civil status, communications identifiers, equipment directory items, messages, call logs, location data, device identifiers, etc”.

Técnicas de criptografia dos dados

Igualmente, sugere-se a adoção de técnicas de criptografia dos dados: “State-of-the art cryptographic techniques must be implemented to secure the data stored in servers and applications, exchanges between applications and the remote server. Mutual authentication between the application and the server must also be performed”. Resumo dos critérios para utilização dos aplicativos de rastreamento de contatos devido ao coronavírus: i) the use of such an application must be strictly voluntary. It may not condition the acess to any rights guaranteed by law. Individuals must have full control over their data at all times, and should be able to choose freely to use such an application; ii) contact tracing applications are likely to result in a high risk to the rights and freedoms of natural persons and to require a data protection impact assessment to be conducted prior do their deployment; iii) information on the proximity between users of the application can be obtained without locating them. This kind of application does not need, and, hence, should not involve the use of location data; iv) when a user is diagnosed infected with the SARS-COV 2 virus, only the persons with whom the user has been in close contact within the epidemiologically relevant retention period for contact tracing, should be informed”. E prossegue ainda o texto:  “the operation of this type of application might require, depending on the architecture that is chosen, the use of centralised server. In such a case an in a accordance with the principles of data minimisation and data protection by design; the data processed by the centralised server should be limited to the bare minimum: when a user is diagnosed as infected, information regarding its previous close contacts or the identifiers broadcasted by the user’s application can be collected, only with the user’s agreement. A verification method needs to be established that allows assserting that the person is indeed infected without identifying the user. Technically this could be achieved by alerting contacts only following the intervention of a healthcare professional, for example by using a special one-time code; the information stored on the central server should neither allow the controller to identify users diagnosed as infected or having seen in contact with those users, nor should it allow the inference of contact patterns not needed for the determination of relevant contacts”. Continua o texto: “The operation of this type of application requires to broacast data that is read by devices of other users and listening to these broadcasts: it is sufficient to exchange pseudonymous identifiers between. User’s mobile equipment (computers, tablets, connected watches, etc), for example by broadcasting them (e.g. via the bluetooth low energy technology), identifiers must be generated using state-of-the art cryptographic processes, idenfiers must be renewed on a regular basis to reduce the risk of physical tracking and linkage attacks. The type of application must be secured to guarantee safe technical processes. In particular: the application should not convey to the users information that allows them to infer the identity or the diagnosis of others. The central server must neither identify users, or infer information about them”.

Em síntese, a União Europeia, através do European Data Protection Board, dá passos importantes na direção da otimização das tecnologias digitais, aplicativos e as redes de telecomunicações e internet no combate à pandemia do Coronavírus, mas, ao tempo, busca proteger a privacidade dos dados pessoais dos cidadãos.

[1] EDPB – European Data Protection Board – Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak, adopted on 21 de april 2020.