Sponsored by China Society for Human Rights Studies
Home>Journal

The COVID-19 and the “European Solution” of Data-based Approach to Governance: Public Security or Data Protection?

2023-01-12 00:00:00Source: CSHRS
The COVID-19 and the “European Solution” of Data-based Approach to Governance: Public Security or Data Protection?
 
LIU Yang* & LI Yibin**
 
Abstract: To cope with the challenges of COVID-19, Europe has adopted relevant measures of a data-based approach to governance, on which scholars have huge differences, and the related researches are conducive to further discussion on the differences. By sorting out the challenges posed by the pandemic to public security and data protection in Europe, we can summarize the “European Solution” of the data-based approach to governance, including legislation, instruments, supervision, international cooperation, and continuity. The “Solution” has curbed the spread of the pandemic to a certain extent. However, due to the influence of the traditional values of the EU, the “Solution” is too idealistic in the balance between public security and data protection, which intensifies the dilemma and causes many problems, such as ambiguous legislation, inadequate effectiveness and security of instruments, an arduous endeavor in international cooperation, and imperfect regulations on digital green certificates. Therefore, in a major public health crisis, there is still a long way to go in exploring a balance between public security and data protection.
 
Keywords: European solution · data-based approach to governance · data protection · public security 
 
Introduction
 
Digital technology has played an irreplaceable role in the global fight against the COVID-19 pandemic, has posed a huge challenge to humanity. Electronic health status and contact-tracing applications and electronic health systems have been effective in containing the spread of the pandemic. However, the massive collection of personal data by the public and private sectors during the pandemic has raised concerns about data protection. Although Europe is at the forefront of data protection rules, its data-based approach to governance for the sake of public health is still being questioned in the face of the pandemic. Wojciech Wiewidrowski, the European Data Protection Supervisor (EDPS), issued a statement on April 30, 2020, saying that there does not need to be a trade-off between public health security and data protection, and that democracies in the pandemic era can and must have both.1 However, on September 28, 2021, he had to acknowledge that Europe had learned many lessons from the COVID-19 pandemic and needed to apply new technologies by developing new instruments, building new perceptions and fully understanding the risks such technologies could pose to society.2 Even Europe, which is confident that a balance can be struck between public security and data protection, has still faced a lot of problems in terms of data governance during the pandemic.
 
The 43rd Global Privacy Assembly (GPA)3 held in October 2021 focused on data protection in the context of the pandemic and identified the latest difficulties and challenges facing humanity in privacy data protection and public health security. As of November 1, 2021, the cumulative deaths from COVID-19 worldwide had exceeded 5 million, and the loss of so many lives has confirmed a cruel reality, that is, the SARS-CoV-2 virus may frequently mutate, and the anti-pandemic marathon is far from over.4 Based on current trends, the fight against the pandemic is likely to become a “protracted battle”, and the issue of striking a balance between public security and data protection is likely to persist. Therefore, the definition and evaluation of the European solution of a data-based approach to governance in its pandemic response are of great reference value for both current and future considerations of public security and data protection in the application of digital tools.
 
I. Literature Review: Two Distinct Views
 
In April 2016, the European Union adopted the General Data Protection Regulation (GDPR), which aims to protect the data privacy of EU citizens. The GDPR claims to be the most comprehensive, stringent, and advanced data protection legislation in the world. The GDPR came into effect throughout the European Union in May 2018. The European Union has long been a world leader in the formulation of data protection rules. But while the European Union has repeatedly stressed that data protection rules will not stand in the way of the fight against the pandemic, questions have been raised about its data governance policies during the pandemic. Among them, the debate between public security and data protection has become a core issue. Existing research results have formed two distinct views on data governance in the European Union after the SARS-CoV-2 outbreak.
 
The first view is positive about data governance in the European Union during the pandemic. According to research, in the face of challenges to fundamental rights of privacy and data protection during the pandemic, the European Union’s legal framework for data protection has been designed flexibly enough to effectively contain the virus and protect fundamental human rights and freedoms.5 Some scholars believe that the research exemption clause of the GDPR can support the global anti-pandemic work and contribute more to the solidarity and cooperation of the EU member states during the pandemic.6 Other scholars hold that the EU’s pandemic governance highlights its internal solidarity and the strong resilience of the EU model.7 It has been suggested that the European Union’s explorations in the area of digital governance and rules has been fruitful.8 Some scholars have specifically discussed Europol’s data protection mechanism, affirming its significance in the post-pandemic era.9 Some scholars believe that the use of digital technology is very important in the fight against the pandemic, but it is necessary to ensure that these technological tools are used ethically. Ethical-legal analysis should be included in the design of technology-based governance procedures. According to one study, the European Union can ensure the stability of digital tools while meeting the ethical requirements as much as possible.10 The COVID-19 crisis will inevitably result in violations of basic human rights, but the European Union can maximize privacy by finding a data-minimization solution for the use of contact-tracing tools.11
 
The second view questions data governance in the European Union in the context of the pandemic. Some scholars believe that compared with privacy protection, curbing the pandemic is the top priority. However, the existing data governance system in the European Union is too divergent in a state of crisis, failing to carry out cooperation in the digital technology-based fight against the pandemic.12 Studies have shown that the shortcomings of the EU data governance system lie in a major divergence between the “privacy first” approach to citizens’ data and the “data first” approach to the study of virus data; the frequency of data leaks in Europe exposes weaknesses in its digital governance system, heightens citizens’ distrust of digital technology and hampers large-scale public data collection for public health security.13 Some scholars found that although the EU member states had introduced their respective measures to deal with the pandemic, there were too many differences in the degree of stringency and specific operation methods. Although the European Commission has attempted to coordinate actions among member states by issuing relevant guidelines, movement restrictions and the resulting uncertainty have greatly affected people, economies, and societies, calling into question their effectiveness and rationality.14
 
Other scholars have pointed out that although regulations such as GDPR explicitly reserve exposure involving “public interest first,” there are a lot of disputes among countries in their agreement on whether, when, and how to use the “public interest first” regulatory exposure, resulting in pandemic control missing the optimal period.15 Some scholars believe that the COVID-19 pandemic has made the EU more dependent on digital technologies, from telecommuting to virus tracing systems, which has also induced a large number of cyber crimes and increased the cyber security risks faced by countries, enterprises, and citizens. The current EU policy path for network security is still stuck in the era of traditional digital technology, and the trust between public and private sectors is not synchronized with the discourse shift, so it cannot effectively alleviate the tension caused by the rapid development of digital applications.16 Some studies argue that when epidemics seriously affect public health security, the need to fight the epidemic and the protection of individual rights are often easily out of balance. During the COVID-19 pandemic, although the European Union is supported by a strong data protection regime, the collection of personal data by relevant technical means still poses a serious threat to privacy17.
 
The literature review shows that the existing results do not systematically summarize the EU solution of a data-based approach to governance after the outbreak of COVID-19, nor do they explore the balance between public security and data protection in depth. While the European Union has repeatedly stressed the importance of a balance between public security and data protection, further analysis is needed to see whether its data governance policies have met their predetermined goals during the COVID-19 pandemic. The outbreak of COVID-19 is arguably the biggest test that the European Union has suffered since its inception. This paper attempts to summarize a set of “European solutions” for data governance by sorting out the challenges posed by the COVID-19 pandemic to the European Union in terms of public security and data protection, and through an evaluation and reflection of the solutions, to answer whether the European Union has taken into account both public security and data protection during the crisis. It is hoped that this paper will have reference significance for data governance during and after the pandemic.
 
II. The Dual Challenges Posed by COVID-19 to Europe: Public Security and Data Protection
 
After the outbreak of COVID-19, some European Union countries became the epicenter of the pandemic due to their inadequate response to the pandemic in the initial stage. The pandemic has caused serious damage to public security, including threats to the health and safety of citizens, economic downturn and employment decline, and increased social and political instability. Moreover, due to the spread of the virus and the implementation of some anti-pandemic measures, the data protection situation in the Europe Union has become more serious. The dual challenges of public security and data protection have exacerbated data governance in the European Union amid the pandemic.
 
A. Public security is under serious threat
 
Public security refers to the protection of life, property, and goods from hazards such as disasters or accidents.18 The European Union itself does not provide a clear definition of public security, and the concept of public security in relation to legislation or disputes in member states is generally interpreted at the discretion of the Court of Justice of the European Union.19 In response to the COVID-19 crisis, the EU Security Union Strategy, published on July 24, 2020, clarifies the impact of COVID-19 on European security and reshapes the EU’s public security policy accordingly, emphasizing the need to secure both the physical and digital environments. The EU believes that the COVID-19 pandemic has had a significant impact on the EU’s cyber security, and further on its economic and social security, by enabling new technologies to operate in many businesses and public services.20Therefore, the public security discussed in this paper includes economic security and social security in addition to the public health security caused by the COVID-19 pandemic.
 
First of all, since the outbreak of COVID-19 in Europe, the lives and health of people in European countries have been subject to severe threats. As of April 30, 2022, the number of confirmed cases in the European Economic Area had reached 139,151,564, including 28,645,285 confirmed cases in France, 11,930,078 in Spain, 16,463,200 in Italy, 24,919,986 in Germany and 5,909,025 in Poland. The number of deaths in the European Economic Area as of that date was 1,085,379, with 163,507 in Italy, 145,93’0 in France, 139,223 in Germany, 105,093 in Spain and 116,059 in Poland.21 More worryingly, the number of confirmed cases and deaths has continued to rise. In a risk assessment published on September 30, 2021, the European Centre for Disease Prevention and Control (ECDC) concluded that the level of vaccination in the European Union was insufficient and the risk of infection and mortality remained high and that in this context, vaccinated susceptible populations also faced a significant threat due to the high communicability of the virus.22 Although vaccine research and development have eased the epidemic situation in Europe, the novel coronavirus still poses risks to the health and safety of people and may persist for a long time. Therefore, the current and future anti-pandemic situation are still challenging.
 
Second, the COVID-19 pandemic has also taken a huge toll on employment and economic conditions in Europe. The pandemic has plunged the European Union into its most serious state of crisis since its inception and exacerbated the divisions among member states. The pandemic has hit southern Europe particularly hard, including countries such as Greece, Italy, Portugal, and Spain, exacerbating their economic recession and debt levels. In 2020, the European Union’s overall GDP fell by 6.3 percent and that of the Eurozone declined by 6.8 percent, and strict lockdown measures and supply chain disruptions have led to the worst recession in Europe in modern times. Although it was predicted that the epidemic situation in Europe would ease in 2021, but due to the high communicability and high variability of the Omicron strain of the virus, the epidemic is continuing, and there is even a more serious trend, which also leads to the existence of economic risks in Europe. On top of that, for member states, the degree of economic recovery varies from country to country due to different levels of lockdowns, varying vaccination rates, and differences in economic structure. Overall, the European recession has led to a sharp rise in unemployment, with the greatest impact on the poor and the underprivileged, including immigrants, young people, and women.
 
Finally, the recession and the continued rise in unemployment have led to social stability and political unrest in some European countries. Particularly in the already fragile southern part of the European Union, shortages of supplies and declining incomes have led to a rapid increase in crime among marginalized populations, posing a serious risk to social stability. At the same time, changes in the traditional political landscape within European Union member states have been intensified, and the economic recession has led to a decline in popular trust in mainstream parties and rising support for populist parties and anti-establishment parties. The ongoing the pandemic in Europe, further containment measures, economic recession, vaccine availability, regulatory issues, and fiscal challenges, are likely to continue to spark popular discontent and lead to a rise in extremist ideologies that threaten social and political stability.
 
B. Data protection has become a prominent issue
 
Although the European Union is a world leader in the field of data protection rules, in the face of the raging pandemic, the EU’s solution to data governance has been questioned because it poses a serious challenge to human rights, freedom, privacy, and other values that it has always attached the greatest importance to. According to Alessandra Pierucci, Chair of the Committee of Convention 108, “Being aware of the unprecedented challenge we are facing, it is crucial to resist the temptation of uncritically suspending the protection of fundamental rights without ensuring a careful assessment of the proportionality and efficiency of the measures to be taken.”23
 
The first issue is the “derogation” of the fundamental rights of individuals due to pandemic prevention and control measures. To contain the spread of the virus, EU officials, member states, and the private sector have imposed restrictions on citizens’ fundamental rights such as freedom and privacy through the development and application of digital technologies. The measures mainly include (1) Restriction of personal activities, including social distancing, restriction of public gatherings, quarantine and lockdown measures; (2) Reporting health conditions, including COVID-19 testing, temperature measurement, health investigation, and internal reports; (3) Health tracking mechanisms, including manual and automatic tracking and contact tracing mechanisms. While some Europeans have expressed understanding of the “derogation” of rights during the pandemic, the majority are very concerned about the protection of data and the loss of freedoms of movement. The public sector collects and processes citizens’ personal data on a large scale through digital technologies, while there is a very limited level of transparency among data controllers and processors in their processing of personal data; out of the cost-benefit considerations based on the high cost of technology and capital required for privacy protection, there is also a lack of effective privacy protection in the private sector. According to some results, with the spread of COVID-19, the government’s authority on personal data collection is also expanding. The data not only involves patients and related personnel but also include data on education, work, personal social network, etc.24 In terms of data monitoring during the pandemic and data control after the pandemic, what measures and mechanisms will be adopted by the government and the private sector to eliminate public concerns is also an urgent issue to be addressed.
 
Second, data security incidents such as data leaks and malicious attacks have occurred frequently during the pandemic. In addition to security concerns over the processing of personal data by the public and private sectors, there has been a spike in the cybercrime rate during the pandemic. Europol has warned of a rapid rise in cybercrimes during COVID-19 as criminals illegally profit from shopping scams, telecommuting exploits, phishing, ransomware, mobile malware, and more. This type of crime becomes more lucrative as vulnerable groups, such as the elderly, are forced into remote activities. Advanced forms of malware are the number one threat, and criminals have turned some traditional banking trojans into modular malware to cover more PC digital fingerprints.25 The importance of healthcare infrastructure during the pandemic has made hospitals and other public services important targets for criminals, while the devices used by people working or studying from home, which are often less secure, are also vulnerable. In conclusion, the emergence of COVID-19 has exerted serious impacts on cybersecurity and data protection in Europe.
 
As EDPS Commissioner Wojciech Wiewiórowsk has argued, while the EU’s commitment to fundamental rights to data protection and privacy is unquestionable, the initial response of member states to the COVID-19 crisis was not coordinated. From a public health perspective, data is indispensable for monitoring the evolution of the pandemic and for enhancing risk management. But from a humanitarian point of view, increasing reliance on digital technology will lead to widening security breaches, and increased surveillance capabilities will increase the risk of discrimination against vulnerable groups.26 Experts in various fields discuss the same issue from different perspectives, resulting in great differences. The European Data Protection Board (EDPB) also stressed that automated data processing and digital technologies could be key to the fight against the pandemic. However, one should be wary of the “ratchet effect.”27 It is the responsibility of European data protection authorities to ensure that measures taken in a major crisis comply with the principles of necessity, temporality, and proportionality, and are subject to regular review and scientific evaluation.28 As a result, the outbreak has made data governance in Europe more complex and uncontrollable. In response to the twin crises of public security and data protection brought about by the pandemic, the EU has developed a series of digital governance measures, which this paper refers to as the “European Solution.”
 
III. The “European Solution” to a Data-based Approach to Governance during the COVID-19 Pandemic
 
As discussed above, the COVID-19 pandemic poses a serious threat to both public security and data protection in EU countries. Therefore, the European Union has attempted to develop a “European solution” for data governance improvement, so as to achieve a balance between public security and data protection during the pandemic. As shown in Figure 1, the “European solution” is divided into legislation, instruments, supervision and international cooperation, among which legislation is the foundation; digital tools developed by the EU and others are important means; international cooperation is a useful complement, mainly including cross-border data exchange and cooperation with other countries and regions; effective supervision is a necessary safeguard, and the main supervision subject is the European Data Protection Supervisor. What needs emphasizing though is that the green digital certificate is one of the tools, due to the possibility of a persistent pandemic and the important role of the certificate in the post-pandemic era, it is separately discussed in this paper. 
 
A. Legislation: derogation of individual rights
 
European legislation on data protection is represented by the GDPR. In terms of relevant provisions, the GDPR provides for “derogation” clauses for special purposes such as public interest to cope with major public crises. The legislation provides the legal basis for measures to combat COVID-19 and is the cornerstone of Europe’s philosophy in trying to balance public security and data protection.

 
The GDPR aims to regulate individuals and organizations that handle data and ensure the highest standards of protection for personal data across the EU. In the Statement on the Processing of Personal Data in the Context of the COVID-19 Outbreak, Andrea Jelinek, Chair of the European Data Protection Board (EDPB), said, “Data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic. However, I would like to underline that, even in these exceptional times, the data controller must ensure the protection of the personal data of the data subjects. Therefore, several considerations should be taken into account to guarantee the lawful processing of personal data.”29 The GDPR, as a comprehensive piece of legislation, contains special provisions specifically for the processing of personal data in the context of a major crisis. Of these, section 9(2)(i) explicitly allows the processing of sensitive personal data (including genetic data, biometric data, and health-related data) if it is “necessary in the public interest in the field of public health.” In addition, section 9(2)(j) provides that sensitive personal data may be processed without consent in the public interest, for scientific or historical research purposes, or statistical purposes, subject to appropriate safeguards. Articles 10, 46, 52, 53 and 54 also specify situations in which the public interest requires the processing of special categories of personal data.30 In general, for the processing of sensitive personal data, the GDPR adopts a protection model under which prohibitive processing is the mainstay and permissive processing is an exception. During the COVID-19 pandemic, the GDPR provides a flexible legal framework for the public and private sectors to process personal data. 
 
At the legislative level, European data protection regulations provide for data protection in the case of major crises. Therefore, there are laws governing the processing of personal data during emergencies such as COVID-19. The EDPB stressed that EU data protection laws could ensure that personal data is handled without infringement of individual rights and freedoms and that people did not have to make a tradeoff between the two.31
 
B. Instruments: application of digital technologies promoted
 
For the EU, member states, and other actors, digital tools are indispensable in the response to COVID-19. To better contain the spread of the SARS-CoV-2 virus and ensure public security, concerned parties have been developing and applying digital tools, which are an important means and a core part of the “European solution.” To prevent threats to data protection caused by such digital tools, the European Union has successively issued guidelines on the application of relevant tools to strike a balance between public security and data protection.
 
1. Mobile applications. According to Mobile Applications to Support Contact Tracing in the EU’s Fight against COVID-19 Common EU Toolbox for Member States32 and Communication from the Commission Guidance on Apps Supporting the Fight against COVID-19 Pandemic in Relation to Data Protection,33 the European Union has developed and regulated relevant mobile applications. Mobile applications, especially for contact tracing and warning, can play an important role in all stages of epidemic prevention and control, cutting the chain of the infection quickly and efficiently. Properly deployed, such tools can be effective in curbing the spread of the epidemic; lack of adequate safeguards may lead to serious violations of data protection rights. In addition, the lack of a systematic approach to the use of such tools is likely to affect their effectiveness in containing the spread of the virus, and thus the overall anti-pandemic progress in Europe. Therefore, in the context of e-health networks, the EU member states have stipulated that both the Toolbox and the Guidance apply only to applications for a voluntary purpose, that is, applications downloaded, installed, and used voluntarily by individuals.
 
2. Location tracing tools. In Guidelines 04/2020 on the Use of Location Data and Contact Tracing Tools in the Context of the COVID-19 Outbreak,34 EDPB believes that systematic and large-scale monitoring and tracing of the location of natural persons is a serious invasion of their privacy. Therefore, the adoption of such technologies needs to be based on the legitimacy of voluntary users. However, for exceptions, the EDPB also has special instructions. According to Articles 6 and 46 of the GDPR, public authorities are authorized to use such procedures when necessary to protect the public interest. Although data and technology are important anti-pandemic tools, they have inherent limitations and therefore the scope and principles of their use must be strictly regulated.
 
The Guidelines clarify that the use and processing of data must follow the principles of proportionality and purposiveness, etc.35. The use of location data and contact tracing tools, based on the principle of proportionality, serves two main purposes: (1) using location data to support the response to the pandemic by modeling the spread of the virus to assess the overall effectiveness of confinement measures; (2) contact tracing, which aims to notify individuals of the fact that they have been in close proximity of someone who is eventually confirmed to be a carrier of the virus, in order to break the contamination chains as early as possible.
 
Other digital solutions. Other digital solutions and tools that help monitor the spread of the virus are often not regulated by specific laws. For example, the processing of the health data through websites and applications; electronic bracelets tested in some countries that measure skin temperature, pulse, breathing, and blood flow; smart cameras used in various ways to control facial recognition in isolated areas; widely used thermal scans to monitor access to public and private premises; drones and robots used for monitoring compliance with distance intervals in public spaces.
 
C. Supervision: implemented in an all-round way
 
The European Data Protection Supervisor is an independent supervisory body of the European Union. During the COVID-19 pandemic, the EDPS has consistently focused on and supervised the data processing behaviors of the European Union, its member states, and other actors, seeking to maximize the protection of personal data security while promoting public interests. Considering the large number of member states of the European Union, which results in huge differences in their law execution and policy-making, supervisory bodies are very important for supervising the implementation of relevant regulations among the member states. The 2020 EDPS Annual Report released by the EDPS details the efforts of the body in supervising data protection during COVID-19.36 In the immediate aftermath of the COVID-19 pandemic, the EDPS established an internal task force to actively monitor and evaluate the government and private response to the pandemic. Throughout 2020, the Task Force monitored developments and prepared for future data and privacy protection after the crisis. The EDPS has consistently stressed the need for a pan-European approach to the pandemic. In addition to guiding European Union institutions (EUI), the EDPS works closely with other members of the European Data Protection Board (EDPB) to provide practical guidance on the most pressing challenges of the pandemic. Key measures include conducting data evaluation and guidance for tracking and monitoring applications; supporting the rational use of data by EU institutions to help them respond to crises, working closely with data protection officers to provide instructions; helping EU institutions develop contact tracing systems and bring the technology into compliance with privacy regulations. For example, during the pandemic, many institutions began to conduct temperature screening, which has been carefully evaluated by the EDPS to ensure compliance with the EU data protection law, given the potential for breaches of privacy and data protection rights. The EDPS stressed that personal data processing techniques related to the outbreak must be temporary, have a clear and reasonable purpose, and comply with the EU data protection law.
 
D. International cooperation: safe cross-border data flow guaranteed
 
During the COVID-19 pandemic, the EU worked proactively to boost cross-border data cooperation to achieve better anti-pandemic effects. At the same time, the security of cross-border data flow also needs to be safeguarded. There are three main legal ways for cross-border data flows in the European Union: (1) data transfer to a third party that has obtained an “adequacy decision” by the European Union; (2) exceptional scenarios (including the consent of the data subject or the need for the performance of a contract, etc.); (3) whether adequate safeguards are available. Among them, the main factors of an “adequacy decision” include the personal information protection legislation, law enforcement, relief mechanism, etc. in the third country. With fewer than 20 countries meeting its “adequacy decision” to date, and exceptions rarely occurring in practice, the approach of having adequate safeguards has become the European Union’s main means of expanding cross-border cooperation on data.
 
At Euroactive’s Virtual Conference on Data Privacy, Vice-President of the European Commission Věra Jourová said, “The EU is not to erect barriers, but to create bridges. To be open and allow data to flow provided that there is continuity of protection. Promoting strong privacy standards and data flow — and thus trade — can and should be complementary objectives.”37 To ensure the orderly flow of data across borders during the COVID-19 pandemic, the EDPB has issued specific guidelines.38 In the guidelines, the EDPB provides guiding principles for the transfer of personal data from public bodies in the EEA to public bodies in third countries or international organizations and works to facilitate administrative cooperation at different levels in the GDPR. The EDPB stresses that public bodies should adopt adequate safeguards when transferring personal data and clarify the core data protection principles that transfer parties should ensure. Article 48 of the GDPR states, “Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognized or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State, without prejudice to other grounds for transfer pursuant to this Chapter.”39 The EDPB states that any international agreement between EEA and nonEEA public authorities should specify the protection of the rights of data subjects and provide corresponding remedial mechanisms to enable data subjects to exercise their rights in practice.
 
E. Continuity: digital green certificates issued
 
Due to the repeated outbreaks, in order to maintain the normal operation of society and the economy, long-term strict lockdown measures are not feasible. How to ensure the safe movement of people during the pandemic is vital to the recovery of political, economic, and social life, and is also the focus of consideration by European countries. To this end, on March 17, 2021, the European Commission proposed the issuance of a Digital Green Certificate. During the COVID-19 pandemic, the European Union tried to ensure the safe movement of people within the European Union by means of digital green certificates.
 
The Commission established a gateway to ensure that all certificates could be verified across the European Union and provided technical support to member states. Member states have the right to decide which public health restrictions to exempt travelers from, but such exemptions must be applied in the same way to travelers holding green digital certificates. The relevant regulations of the digital green certificate mainly include the following: 1. The certificate is issued in electronic or paper form and applies to all EU citizens, including three types: vaccination certificate, nucleic acid test certificate, and COVID-19 recovery certificate; 2. In the principle of non-discrimination, travelers holding digital green certificates enjoy equal rights, and if member states still require certificate holders to be quarantined or tested, they must notify the Commission and all other member states and explain the reasons for taking such measures; 3. Only necessary information and personal data are provided: The certificate includes only limited personal information, which can only be used to verify the authenticity and validity of the certificate. The digital green certificate is valid across all EU member states and open to Iceland, Liechtenstein, Norway, and Switzerland.40 It is worth noting that the European Union has committed to the digital green certificate being a temporary measure that will be suspended as soon as the World Health Organization declares the COVID-19 emergency over.41 The issuance of the digital green certificate aims to establish a pan-European framework to guarantee the right of free movement for Europeans within the European Union during the pandemic.
 
All in all, after the outbreak of COVID-19, facing the challenge of public security and data protection, the European Union has learned lessons, quickly formulated and promulgated a series of recommendations, statements, guidelines, etc., and made new interpretations of available legislation, building a relatively well-rounded system for data protection during the pandemic, but whether the “European solution” truly achieves a balance between public security and data protection deserves further study.
 
IV. Evaluation of the “European Solution”: Contradictions between Ideal and Reality
 
As described above, in order to cope with the security crisis brought about by COVID-19, the European Union has created a well-rounded “European solution” on data governance, including legislation, instruments, supervision, and international cooperation, seeking to build a “perfect solution” that can deal with the public crisis without violating the fundamental rights of individuals. The European Union has always stressed that it seeks a balance between the two. It is necessary to admit that the “European solution” has indeed played a positive role in pandemic prevention in the European Union, but the problems exposed by it deserve more attention. In the context of a fast-changing era of digital technology, and in the face of the COVID-19 crisis that threatens all humanity, EU values make an improper trade-off between public security and data protection. In general, the “European solution” has not achieved its preset objectives, failed to balance public security and data protection, and this solution is full of contradictions between “ideal” and “reality.”
 
A. About legislation: hard law not binding enough
 
The GDPR is statute law, billed as the toughest data-protection regulation in history, but its enforcement seems to be underperforming that claim. First, the scope of protection is too broad for enforcement. Studies have suggested that while the European Union aims to provide the most well-rounded data protection possible, the GDPR is so broad in substance that it cannot be effectively observed in practice and is either ignored or attacked. European data protection law risks becoming the “law of everything”.42 The COVID-19 crisis shows that there are huge differences among the EU member states in their privacy protection. With regard to the implementation of the contact tracing procedure, the GDPR does not clarify the proportionality of privacy restrictions, hampering the consistent and high-level protection of individuals’ fundamental rights in the European Union.43
 
Second, there is a lack of an accurate definition of some concepts in the GDPR, leading to a failure of operability across the EU member states. As a golden standard for data protection legislation in the European Union, the GDPR fails to offer a clear definition of many keywords. Although there is a view that this reflects the flexibility of the GDPR and the objective need for more member states to implement the GDPR as soon as possible, these unclear concepts and overly flexible frameworks exposed its inherent flaws during the pandemic, which hampered the pandemic response in Europe. Among the GDPR’s key concepts, some scholars have argued that using the “consent principle” as a legal basis for the secondary use of sensitive health data is extremely challenging and even impractical. In addition, the lack of uniform application and interpretation of the “public interest” rationale at the national level has also been subject to criticism for impeding the timeliness and effectiveness of cooperation.44
 
For example, although Articles 6, 9, and 89 of the GDPR provide for “derogation clauses” in emergencies, these clauses are rarely applied in practice due to the ambiguity of the concept and the heterogeneity of member states. The conditions and extent of processing health data for scientific research purposes and the restrictions on the rights of data subjects vary depending on the laws enacted in different member states. To avoid potential liability, national research institutions are reluctant to apply these “exemptions,” and the GDPR unduly restricts data sharing outside the European Union and lacks consideration for the greater public good, thus hindering global cooperation in the fight against the pandemic.45
 
During the pandemic, the public interest basis may be more appropriate for scientific research than the consent basis, given the high standards set by the GDPR, which leaves the specific definition of public interest to individual member states, requiring clarification by member states in accordance with their domestic legislation. However, the views among member states are varied, and differentiated legislation affects the efficiency of cooperation. Within the seemingly united European Union, the divisions between member states are widening. This trend has been intensifying since the United Kingdom’s exit from the European Union. In particular, the challenge to EU values and the rejection of EU jurisdiction by Poland and Hungary reached a peak during COVID-19. The inability of countries to agree on the “public interest first” has led to controversies in the fight against the pandemic, resulting in a missed opportunity to contain the pandemic.
 
B. About instruments: inadequate effectiveness and security
 
The series of instruments developed in Europe for data protection under the pandemic, while seemingly complete, has several loopholes at the practical level. In designing the relevant instruments, the European Union expects to maximize public security while improving data protection. It is argued that an important feature of the European Union’s response to COVID-19 is that expectations are high but the tools are limited. This limitation in tools is also evident in the case of data governance. Data sharing is key to understanding the evolution of the outbreak and adjusting measures as needed. While the European Centre for Disease Prevention and Control (ECDC) can collect and share data, there is a lack of consistency in the data collected. Although EU member states can share data, the data varies widely in quality and level of detail.46 Both the EU institutions and the member states overestimated their technological capabilities, resulting in the application of digital technologies that did not effectively respond to the COVID-19 outbreak.
 
First, the effectiveness of the digital tools has been limited. Digital tools attempt to automate “decision-making” on tracking procedures, etc., by automatically collecting and analyzing data. On the surface, this approach can both safeguard public security and curb the spread of the epidemic, while at the same time avoiding data leaks by placing personal data in the background. However, there may be large loopholes behind the application of these technologies. For example, the “passports” issued through the artificial intelligence technology may lead to an omission of some risky groups, especially the so-called antibody test, which faces a serious risk. The World Health Organization warns that “there is currently no evidence that people who have recovered from COVID-19 and have antibodies are protected from a second infection.”47 Not only that but when digital technology is applied to tracking, the effectiveness of its automated decision-making is also questionable. Since the pattern of transmission of the virus is still unclear, the accuracy of the mathematical model constructed to assess the risk of virus transmission cannot be guaranteed. Some scholars have expressed concern about the application of digital tracking technology. Clear and profound reflection is needed for designing a sound institutional structure. Especially when it comes to health data and the public interest, the role of large technology platforms such as Google and Apple and public institutions in managing data must be regulated.48
 
Second, digital tools are not secure enough. Digital technology is mainly used to track and control the movement of people to curb the spread of the pandemic. However, the functionality of such procedures has been extended in some countries by the government and the private sector. The ability to collect personal data at scale can easily lead to data security issues. And, due to the lack of effective constraints and adequate test evaluation, some hastily used applications have become “vulnerabilities” in data protection. In addition, in the application of mobile terminals and internet tools, in order to control the flow of people, relevant entities collect data from social media and telecom operators to draw a “hot spot map” of population flows. However, relevant data controllers overstep their authority when dealing with personal data. Such overstepping of privacy rights also exists in websites, social media, electronic bracelets, and other tools. In addition, remote work and learning caused by the pandemic have generated a large amount of data, which is closely related to personal privacy, national security, and corporate interests. However, the processing and protection of these private data are not satisfactory. In Germany and Denmark, for example, there are serious concerns about the irreversibility of loss of anonymity and the potential for third-party access to data.49
 
C. About international cooperation: a long and tough way to go
 
In terms of cross-border data flows, the European Union hopes to expand exchanges and cooperation with relevant countries and regions. However, in the era of digital technology, the competition for dominance of rules is inevitable, and the ideal of Europe leading cross-border cooperation on data protection is difficult to realize. This is most evident in Europe’s cross-border digital cooperation with the United States. The safe and free flow of data is an objective requirement in the era of the digital economy, but how to formulate specific rules is related to a game of politics, economy, and concepts among countries.
 
On July 16, 2020, the Court of Justice of the European Union ruled in C-311/18 (Schrems II) that the legal framework of the EU-US Privacy Shield was invalid.50 The invalidation of the EU-US Privacy Shield reflects that the main challenge of the cross-border data flow between the European Union and the United States is the conflict between the US national security law and the EU personal data protection law, which is rooted in the EU’s “technology sovereignty” strategy to counter the digital hegemony and surveillance capitalism of the United States.51 The EDPS issued a strategy document on October 29, 2020, aimed at monitoring compliance with the “Schrems II” judgment. The EDPS launched a mediation against the US internet giants Google and Microsoft, warning against the giant US technology companies infringing on the personal data privacy of the European Union in data transmission, and conducting “surveillance” activities on relevant subjects and people in the European Union. Due to the lack of comprehensive federal privacy legislation in the United States, its data protection status has not received an “adequacy decision” from the European Union. Even so, the European Union wants to expand cross-border data cooperation with the United States Vera Jourova, Vice-President of the European Commission, said the digital world without strong privacy and data protections would expose the EU democracy to more unknown risks and hoped that the US government would see it in the same way. It is hoped that the European Union and the United States can work together at bilateral and multilateral levels.52 Some scholars believe that the “Schrems II” decision clarifies the fundamental differences between the European Union and the United States in the ideas concerning data protection, national security, and human rights. An analysis of historical institutions suggests that structural changes in the US legal system are unlikely to address deficiencies in the “Schrems II” decision. Therefore, the European Commission will act quickly to develop a solution that blurs the differences between the European Union and the United States to accommodate American exceptionalism.53
 
However, there are fundamental differences in the data protection models of the European Union and the United States, with the former relying heavily on government regulation and the latter focusing more on industry self-regulation and market mechanisms. Collisions and conflicts between their different systems are inevitable, and there are fundamental conflicts of interest between the two sides in the development of the digital economy, so there are deeply hidden troubles in the transatlantic data transmission mechanism. With its advantages in technology, industry, and flexible regulatory system, the United States has no special concerns about the privacy protection and data security issues associated with cross-border data, so it has only established a case-by-case regulatory mechanism. 54 As a result, the European Union and the United States have very different ideas and approaches to personal data protection, and the European Union has doubts about whether the US mass surveillance system can be compatible with EU legal principles, and there is still and long and tough way to go in the cross-border data cooperation between the two sides.
 
D. Digital green certificates: regulation needs to be improved
 
Digital green certificates have facilitated the movement of people during the pandemic and have become an important means for economic, political, and social life recovery. However, since their introduction, they have been subject to constant doubt and criticism. First, whether the certificate is sufficient to ensure public security. As mentioned earlier, the World Health Organization (WHO) has not confirmed that those who recover from infections will produce antibodies against secondary infection, “EDPB and EDPS joint assessment” also holds that there is still little evidence that “immunity” exists in individuals who have been vaccinated or recovered from the virus; in addition, the certificate is subject to a great risk of forgery during the pandemic. Therefore, it is doubtful whether the issuance of this certificate can ensure the security of people’s movement.55 Second, there is a lack of specifications for the certificate’s application. Due to the lack of retention periods, there is no expiration date in the data fields specified by the certificate. In addition, there should be an official disclosure of the entity list of controllers, processors, or recipients of all personal data related to the digital green certificate, to allow EU citizens to exercise their data protection rights under the GDPR. Finally, there are security loopholes with the certificate technology. There have been cybercrime incidents of counterfeit vaccination passports. Europol has issued a warning specifically about such cybercrime incidents, and France, the United Kingdom, Spain, and other countries have been involved in cases involving trafficking in fake digital vaccination certificates. Given the current technical means, criminals can produce high-quality forged certificates.56 The certificate exposes individuals to the risk of their large amounts of data being recorded, and if the corresponding safeguards are not sufficient, then other personal information captured by this digital technology, such as geographical location, religious beliefs, and personal preference, may also be stored centrally. Some EU member states, such as Denmark, Austria, and Hungary, have announced their intention to use the system as well to allow access to restaurants, religious sites, or sports facilities. Therefore, the use of this certificate increases the risk of citizens being monitored by the authorities.57
 
Overall, in the context of the COVID-19 pandemic, the “European solution” is essentially bound by so-called EU values and moral benchmarks and has neither dealt with the privacy protection brought about by digital application technology nor better responded to the public health crisis. On one hand, the European Union claims to achieve “digital sovereignty”, but on the other hand, it is deeply mired in data governance. The EU’s traditional value orientation of overly focusing on privacy protection has led to its loss of advantage in the field of data governance and receiving criticism in public security.
 
V. Conclusions
 
The COVID-19 pandemic has left the European Union trapped in a dilemma of internal and external troubles. EU values are an important weapon for the European Union to achieve strategic autonomy and digital sovereignty. A prime example of this is the Artificial Intelligence Act proposed by the European Commission on April 21, 2021.58 The Act has caused huge controversy, with discussions focusing on how to balance fundamental rights with public security.59 Scholars generally agree that the Act is groundbreaking and an important tool for achieving the digital sovereignty of the European Union, but the existence of “idealized” schemes in it will be an important obstacle to its future implementation.60 Similar to the Artificial Intelligence Act, the “European solution” is a realistic portrayal of “utopianism” in the field of data governance. Fundamentally speaking, the dilemma of the “European solution” stems from the “idealism” of the European Union. It manifests the frustration of the EU integration process in the field of digital governance. Despite the long history of data protection in the European Union, the rapid development of the digital economy has greatly changed the existing model of data protection. As the latest achievement under the background of the modern digital economy, the “European solution” overly pursues a balance between different value demands, which is an important reason for its complexity and controversy. The repeated turmoil created by the COVID-19 pandemic in the European Union is partly the result of Europe’s “idealism”. The failure of the scheme to achieve the desired balance between public security and data protection can be traced back to three contradictions.
 
First, the contradiction between Europeanism and nationalism. Europeans have two overlapping “personalities”. One is “Europeanism”, which means the mutual identification as “Europeans”, and the other is “nationalism”, which means each member state has its own interests, habits, concepts, and so on.61 This contradiction has formed an obstacle to the “pan-European” anti-epidemic framework expected by the European Union at the digital governance level. Second, the contradiction between idealism and realism. Europe’s deep-rooted idealism is also reflected in the EU’s scheme. But an ideal demand cannot be built upon thin air, and it is closely related to practical interests. In terms of digital governance, the EU’s policy is too ideal and ahead of its time, and the various difficulties make it difficult for this ideal solution to be concretized. Third, the contradiction among member states. After the admission of new members, the EU member states have become more complex, even forming small groups to confront the lead states. Regarding data governance, the member states vary greatly in policy execution due to different national conditions and development levels, as reflected in the “multi-speed” model.
 
“Advice from others may help one overcome the shortcomings”. For China, the “European solution” to data governance is a useful attempt to balance public security and data protection in dealing with major crises. On November 1, 2021, the Information Protection Law of the People’s Republic of China came into effect. At the level of data governance, although China started late, the relevant laws and mechanisms are undergoing constant improvements, and it is necessary to “learn from others’ strong points to offset our own weaknesses” in measures taken. At the same time, built upon our institutional advantages and characteristics, we should explore a “Chinese solution” that is competitive in data governance at the international level. 
 
(Translated by NIU Huizi)
 
* LIU Yang ( 刘洋 ), Ph.D. candidate, School of Marxism, Lanzhou University.
 
** LI Yibin ( 李益斌 ), Associate Professor at the Institute of Central Asian Studies and the School of Politics and International Relations, Lanzhou University. This paper is the phased achievement of the major research project of the National Social Science Fund of China (Project Approval No. 21VGQ010), and is supported by the 2021 Central University Basic Scientific Research Project of Lanzhou University (Project Approval No. 21lzujbkyjd002).
 
1. Wojciech Wiewirowski, Carrying the torch in times of darkness.
 
2. Wojciech Wiewirowski, TechSonar: technologies worth monitoring.
 
3. The Global Privacy Assembly, first held in 1979, has more than 130 data protection and privacy organizations, and aims to enable privacy and data protection organizations around the world to communicate, connect closely, support each other and better fulfill their privacy and data protection responsibilities through this platform. The body brings together the most cutting-edge data protection and privacy experts from around the world and makes a significant contribution to the advancement of data protection and privacy around the world. 
 
4. Xinhuanet, “Five Million Lives Lost: The Anti-pandemic Marathon Is Far from over”.
 
5. Kędzior M, “The right to data protection and the COVID-19 pandemic: the European approach”, 21 ERA Forum. Springer Berlin Heidelberg 4 (2021): 533-543.
 
6. McLennan S, Celi L A and Buyx A., “COVID-19: putting the General Data Protection Regulation to the test”, JMIR Public Health and Surveillance 2 (2020): el9279.
 
7. Yang Na, “The Resilience of the European Model: COVID-19 and EU Health Governance”, Foreign Affairs Review (Journal of China Foreign Affairs College) 6 (2020): 74-98.
 
8. Ding Chun, “Characteristics and Implications of Digital Transformation in the European Union”, People’s Forum 25 (2021): 106-109.
 
9. Li Yibin and Liu Yang, “New Situation of Europol’s Data protection in the Post-pandemic Era”, Journal of Information Resources Management 4 (2021): 51-59.
 
10. Gasser U, Ienca M, Scheibner J, et al., “Digital tools against COVID-19: taxonomy, ethical challenges, and navigation aid”, The Lancet Digital Health 2 (2020): 425-434.
 
11. Abeler J, Bäcker M, Buermeyer U, et al., “COVID-19 contact tracing and data protection can go together”, 8 JMIR mHealth and uHealth 4 (2020): el9359.
 
12. Bao H, Cao B, Xiong Y, et al., “Digital media’s role in the COVID-19 pandemic”, 8 JMIR mHealth and uHealth 9 (2020): e20156.
 
13. Fahey R A and Hino A., “COVID-19, Digital Privacy, and the Social Limits on Data-focused Public Health Responses”, International Journal of Information Management 55 (2020): 102-181.
 
14. Dui’c D and Sudar V., “The Impact of COVID-19 on the Free Movement of Persons in the EU”, EU and comparative law issues and challenges series. (ECUC) 5 (2021): 30-56.
 
15. Zong Zhe and Lu Junqun, “Exploring the Boundaries of Data Governance and Artificial Intelligence Applications under the Pandemic”, Science and Technology Management Research 17 (2021): 162-169.
 
16. Carrapico H and Farrand B., “Discursive continuity and change in the time of Covid-19: the case of EU cybersecurity policy”, 42 Journal of European Integration 8 (2020): 1111-1126.
 
17. van Kolfechooten H, de Ruijter A., “COVID-19 and privacy in the European Union: A legal perspective on contact tracing”, 41 Contemporary Security Policy 3 (2020): 478-491.
 
18. Hans Zeisel, “Limits of Law Enforcement”, 91 American Journal of Sociology 3 (1985): 726-729.
 
19. Stehlík V., “Discretion of Member States Vis-d.-vis Public Security: Unveiling the Labyrinth of EU Migration Rules”, 17 International and Comparative Law Review 2 (2017): 127-142.
 
20. European Commission, “EU Security Union strategy”.
 
21. ECDC, Data on the daily number of new reported COVID-19 cases and deaths by EU/EEA country.
 
22. ECDC, Rapid Risk Assessment: Assessing SARS-CoV-2 circulation, variants of concern, non-pharmaceutical interventions and vaccine rollout in the EU/EEA”, 16th update, 30 September 2021.
 
23. Council of Europe, “COVID-19 and Data Protection”,.
 
24. Li Yibin and Liu Yang: “Research on the New Trend of Europol Data Protection in the Post COVID-19 Era”, Journal of Information Resources Management 4 (2021): 51-59.
 
25. Europol, “COVID-19 SPARKS UPWARD TREND IN CYBERCRIME”.
 
26. Wojciech Wiewiórowsk, “Data for the public good: Building a healthier digital future”.
 
27. The ratchet effect, proposed by American economist James Duesenberry, originally refers to the irreversibility of human consumption habits once they are formed, i.e., they are easy to adjust upward and difficult to adjust downward. Here, it can be understood that the extent of digital technology used to fight against epidemics must be regulated, so as not to overdo derogation of fundamental rights and thus sway the cornerstone of democratic society.
 
28. EDPB, “Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak”.
 
29. EDPB, “Statement by the EDPB Chair on the processing of personal data in the context of the COVID-19 outbreak”.
 
30. EUR-Lex, “REGULATION (EU) 2018/1725 OF THE EUROPEAN PARLIAMENT AND OF THE COUN- CIL”.
 
31. EDPB, “Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak”, accessed October 19, 2021.
 
32. EDPB, “Mobile applications to support contact tracing in the EU’s fight against COVID-19 Common EU Toolbox for Member States”, accessed October 19, 2021.
 
33. EUR-Lex., “Communication From the Commission Guidance on Apps supporting the fight against COVID 19 pandemic in relation to data protection” (2020/C 124 1/01).
 
34. EDPB, “Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak”.
 
35. EDPB, “Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak”.
 
36. EDPS, “2020 EDPS Annual Report”.
 
37. European Commission, “ Keynote Speech by Vice-President Jourová on ‘Data Privacy post-Covid-19’ at Euroactive’s Virtual Conference on Data Privacy”.
 
38. EDPB, “Guidelines 2/2020 on articles 46 (2) ( a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies”.
 
39. EUR-Lex, “REGULATION (EU) 2018/1725 OF THE EUROPEAN PARLIAMENT AND OF THE COUN- CIL”.
 
40. EUR-Lex, “REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a framework for the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery to facilitate free movement during the COVID-19 pandemic ( Digital Green Certificate)”.
 
41. EDPB, “EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals”
 
42. Purtova N., “The law of everything. Broad concept of personal data and future of EU data protection law”, 10 Law, Innovation and Technology 1 (2018): 40-81.
 
43. van Kolfechooten H and de Ruijter A., “COVID-19 and privacy in the European Union: A legal perspective on contact tracing”, 41 Contemporary Security Policy 3 (2020): 478-491.
 
44. Becker R, Thorogood A, Ordish J, et al., “COVID-19 research: navigating the European general data protection regulation”, 22 Journal of Medical Internet Research 8 ( 2020 ): el9799.
 
45. Hannah Balfour, Could GDPR be impeding the global COVID-19 pandemic response?.
 
46. Renda A and Castro R., “Towards stronger EU governance of health threats after the COVID-19 pandemic”, 11 European Journal of Risk Regulation 2 (2020 ): 273-282.
 
47. WHO, “Immunity passports” in the context of COVID-19.
 
48. Savona M., “The saga of the COVID-19 contact tracing apps: lessons for data governance”, 2020: 1-15.
 
49. Vukovich L, Vysotskaya V and Nienaber B., “Coronavirus pandemic in the EU-Fundamental Rights Implications in Luxembourg”, July 2020.
 
50. InfoCuria Case-law, Judgment of the Court (Grand Chamber) of 16 July 2020 ( request for a preliminary ruling from the High Court ( Ireland) — Ireland) — Data Protection Commissioner v Facebook Ireland Ltd, Maximillian Schrems ( Case C-311/18 ).
 
51. Shan Wenhua and Deng Na, “Regulation of Cross-border Data Flow between Europe and the United States: Conflict, Coordination and Reference: An Investigation Based on the Legally Invalid “Privacy Shield” of the Court of Justice of the European Union”, Journal of Xi’an Jiaotong University (Social Sciences Edition) 5 (2021): 94-103.
 
52. European Commission, Keynote Speech by Vice-President Jourovd on “Data Privacy post-Covid-19” at Euroactive’s Virtual Conference on Data Privacy.
 
53. Zalnieriute M., “Data Transfers after Schrems II: The EU-US Disagreements Over Data Privacy and National Security”, 55 Vanderbilt Journal of Transnational Law 1 (2022 ): 21-35.
 
54. Rong Wang, “Policy Awareness and Suggestions for Cross-Border Data Flow: From the Perspective of US-EU Policy Comparison and Reflection”, Information Security and Communications Privacy 3 (2018): 41-53.
 
55. EDPB, “EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals”.
 
56. Europol, “a Europol Warning on the Illicit Sale of False Negative COVID-19 Test Certificate”.
 
57. Epicenter. works, “EU Parliament adopts the COVID Pass: risks for data protection and new forms of discrimination”.
 
58. European Commission, “Laying Down Harmonised Rules on Artificial Intelligence (Arti ficial Intelligence Act) and Amending Certain Union Legislative Acts”.
 
59. EIPA, “The Artificial Intelligence Act Proposal and its Implications for Member States”.
 
60. Wardyński & Partners, “Artificial Intelligence Act: Will the EU set a global standard for regulating Al systems?”, Alexandru Cir-ciumaru, “Three proposals to strengthen the EU Artificial Intelligence Act”; Bev Townsend, “Decoding the Proposed European Union Artificial Intelligence Act”.
 
61. Chen Lemin and Zhou Hong, The Process of European Civilization (Beijing: The Eastern Publishing Co., Ltd., 2020), 366.
Top
content