In addition to medical methods, technical methods have been and are being used to combat pandemics - in Germany in form of the Corona warning app. But is this app compliant with the current data protection framework? In their lecture on February 16, Mathias Cellarius, SAP's Chief Privacy Officer, and Thomas Klingbeil took this question as an opportunity to examine data protection law in the pandemic. The lecture concludes the public lecture series "Data Protection in Practice".

First, Thomas Klingbeil, Director of Innovation Enablement at SAP SE, gave an exciting insight into the development of the Corona warning app, for which "only" 50 days were allotted. The audience gained insights into the Bluetooth technology used and the communication flows when using the Corona warning app - from scanning the QR code on a SARS-CoV-2 test form to retrieving the Corona test result.

The speakers went on to present the key parameters used by the Corona Warning app to calculate the risk of infection: the signal strength received, the duration of a "risk encounter," and the symptom status of infected individuals queried by the app on a voluntary basis. At this point, it became clear - even to technical laypersons - what major challenges exist in order to ensure that the Corona warning app is designed in a data protection-friendly manner.

The presentation also highlighted the legal challenges of the Corona warning app. The initial focus was on the question of whether data avoidance strategies lead to complete anonymization. The question of the division of responsibility between the Robert Koch Institute on the one hand and the significantly involved IT manufacturers on the other was also addressed. Particularly interesting were the thoughts shared with the auditorium on the much discussed question of whether the use of the Corona warning app could be made mandatory for certain areas of public life.

One disadvantage of the GDPR came up in the ensuing discussion, that it does not designate IT service providers as addressees of the (desirable!) principle of data minimization. Further, numerous questions from the audience concerned the design of the consents in the app, the data protection impact assessment and the demarcation of responsibility between app operators (RKI) and hardware manufacturers (Google, Apple).

At the end of the lecture series, the managing director of the Institute for Legal Informatics, Prof. Dr. Georg Borges, who led the lectures and lecture series, thanked the speakers and participants for exciting views on data protection in practice and the numerous stimulating discussions!


Further information on the lecture series: Data protection in practice


BMAS: ExamAI – KI Testing & Auditing

In the BMAS (Federal Ministry of Labour and Social Affairs) project "ExamAI" Professor Borges' chair develops concepts for auditing and certification of AI applications. Further information: ExamAI


Legal Testbed

The chair of Prof. Borges is developing solutions for Industry 4.0 through the project "Recht-Testbed Industrie 4.0" funded by the Federal Ministry of Economics and Technology (BMWi). More...


As part of the »INITIATIVE« project Professor Borges' team is working on AI-supported communication for autonomous vehicles in traffic. Click here to learn more...

Copyright © 2023 Institute for Legal Informatics.

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.