Privacy of Contact Tracing Apps in Pandemic, the role of Giant data collectors, and EU Sovereignty


  • Ahmad-Reza Sadeghi


  • Alexandra Dmitirienko
  • Patrick Breyer
  • Claude Castelluccia
  • Robert Riemann

Organisation: TU Darmstadt

Room: Online 2

Timing: 10:30 - 11:45 on 29 January 2021

Many countries have introduced and deployed digital contact tracing apps to fight the COVID-19 pandemic. They range from heavily centralized to completely decentralized approaches, each with its own advantages and disadvantages in terms of tracing effectiveness and impact on user privacy. During the dynamic evolution of these approaches, surprisingly, Google and Apple established an unprecedented friendship and agreed on a very special scheme for contact tracing, realizing this in the form of an API called GAEN that they quickly integrated into their mobile operating systems. A multitude of nation-ally rolled out tracing apps are now based on the GAEN approach.

We will discuss problematic aspects and threats that the GAEN approach creates through its security and privacy weaknesses but also through the threats that it poses on the European technological sovereignty as well as the public health system:

• Digital Contact Tracing: What happened to European technological and data sovereignty?
• What happens if Google and Apple stop supporting their API or provide the app themselves?
• To what extent can sensitive information from GAEN-based app users be collected and shared?
• Despite solid alternative proposals from European scientists and experts for a digital contact tracing system, the EU has failed to establish a common system independent of giant data collectors. Why?


Ahmad-Reza Sadeghi

TU Darmstadt (DE)

Ahmad-Reza Sadeghi is a professor of Computer Science, head of the System Security Lab and since 2012 speaker of the Intel Collaborative Research Institute at the TU Darmstadt, Germany. Prior to academia, he worked in R&D of Telecommunications enterprises. He has been continuously contributing to security and privacy research. For his influential research on Trusted and Trustworthy Computing he received the renowned German “Karl Heinz Beckurts” award. In 2018 Prof. Sadeghi received the ACM SIGSAC Outstanding Contributions Award. He is a member of the program committee for conferences in the area of Information Security and Privacy, and currently on the editorial boards of several publications.


Alexandra Dmitirienko

University of Würzburg

Patrick Breyer


Dr. Patrick Breyer is a member of the European Parliament of the Pirate Party Germany and the European Pirate Party since 2019. From May 2012 to June 2019, the lawyer and judge was a member of the Pirate Party in the Schleswig-Holstein state parliament. As a digital freedom fighter, he is committed to defending human rights in the age of the digital revolution in the Committee on Civil Liberties, Justice and Home Affairs and the Legal Affairs Committee. His political work is committed to facilitate freedom and self-determination for all people in a world without mass surveillance.

Claude Castelluccia


Robert Riemann


Robert Riemann holds a Bachelor’s and Master’s degree in Physics from the University of Berlin. In 2017, he received the degree of a doctor in computer science from the Ecole Normale Supérieure in Lyon for his research on the subject of distributed communication systems for e.g. online voting. Since then, he works at the European Data Protection Supervisor (EDPS) in Brussels in the IT Policy unit. He covers mainly web technologies and P2P and follows up on recent technological developments.