論德國科技防疫措施下之個資風險與保護法制

Risks and Legal Protection of Personal Data Under the Technological Measures for Pandemic Prevention in Germany

自 2020 年 3 月初起，新冠肺炎（COVID-19）確診案例每日在德國各邦大量增加。為有效減緩疫情惡化，德國國會分別於同年 3 月及 5 月快速通過「全國範圍流行病情勢下之國民保護法」（Gesetz zum Schutz der Bevölker-ung bei einer epidemischen Lage von nationaler Tragweite）及「全國範圍流行病情勢下之國民保護法第二次法案」（Das Zweite Gesetz zum Schutz der Bevölkerung bei einer epidemischen Lage von nationaler Tragweite），以及該法對「傳染病防治法」（Infektionsschutzgesetz, IfSG）等法律條文修正後之授權。其中，增修後之「傳染病防治法」（IfSG）第 4 條及第 14 條，授權防疫機構「羅伯特科赫研究所」（Robert Koch-Institut, RKI）研發「德國電子通報資訊系統」（Deutsches Elektronisches Melde- und Informationssystem für den Infektionsschutz, DEMIS），以投入病毒感染追蹤及防止擴散之用。而此一系統即為德國聯邦衛生部（Bundesministerium für Gesundheit, BMG）及「羅伯特科赫研究所」開發並推動之「新冠病毒警示追蹤 App」（Corona-App）。
在民眾自願安裝後，App 透過行動裝置定位及接觸資料回傳防疫主管機關主機，即時追蹤用戶特定距離內是否接觸確診者與其移動足跡。回傳資料經分析後，可快速篩選出與確診者之可能接觸者，並即刻召回、隔離及匡列下一波可能接觸者。App 用於防疫雖有法源，但其實際應用仍造成德國法學及公衛學界之爭議。因 App 執行時所蒐集的敏感及一般個資，均傳送行政機關進行處理，難以排除個資濫用對人格權及隱私權造成侵害之疑慮。
對此，反對者認為，App 雖係自願使用，但個資蒐集種類、範圍及處理方式並無法律明文，不宜貿然推行。但支持者卻認為，資料保護過度及應用過於保守，才會違反個人「健康完整無缺」之基本人權。正、反意見間雖各有論據，但無共識。對此，本文將從歐盟《一般資料保護規則》（GDPR）及德國相關國內法之觀點，探討德國政府採用追蹤 App 等科技工具進行防疫之適法議題及後續涉及之人權爭議，並以研析結果，解釋相關法律爭議之解決途徑，作為日後研究相關防疫法制之重要參考。

Since early March 2020, the daily number of confirmed COVID-19 infections has grown significantly in all states of Germany. To effectively curb the worsening pandemic, the German parliament quickly passed the “Gesetz zum Schutz der Bevölkerung bei einer epidemischen Lage von nationaler Tragweite” and the “Das Zweite Gesetz zum Schutz der Bevölkerung bei einer epidemischen Lage von nationaler Tragweite” in March and May respectively. It also approved the authori-zations under the laws, which amended the provisions of the “Infektionsschutzge-setz” (IfSG). Articles 4 and 14 of the amended IfSG authorize the pandemic pre-vention agency “Robert Koch-Institut” (RKI) to develop an electronic reporting and information system that will be used to trace coronavirus infections and pre-vent its spread. The aforementioned “electronic reporting and information system” is the Corona-App developed and promoted by the Bundesministerium für Ge-sundheit (BMG) and RKI.
After a user has voluntarily installed the app, it will locate his or her position and transmit contact data to a server of the government agency in charge of pan-demic prevention for real-time tracking of the user’s contact with any infected per-son within a certain distance and for the tracing of his or her movement. The transmitted data will be analyzed and used to quickly identify users who may have had contact with the infected person. They will be immediately recalled and isolat-ed, and the next group of users possibly having had such contact will be identified. Even though the use of the app for pandemic prevention is legally permitted, its actual application has been controversial for the German academic circles in law and public health. When the app is running, all personal data collected by it is transmitted to the executive authorities for processing, regardless of whether such data is sensitive or ordinary. Therefore, it is inevitable that concerns arise over the infringement of personal and privacy rights due to misuse of personal data.
For opponents to the app, despite the voluntary nature of its use, it should not be hastily introduced because the law fails to specify the types, scope and methods of processing the personal data collected. For supporters of the app, however, ex-cessive protection and overly conservative application of such data constitute a vio-lation of the fundamental human rights in the “integrity of personal health”. Both supporters and opponents of the app have their own arguments, but there is a lack of consensus. In this respect, this article will analyze the legality issues and subse-quent controversies of human rights relating to the use of tracking apps and other technological means by the German government for pandemic prevention from the perspectives of the EU’s “General Data Protection Regulation” (GDPR) and the domestic laws of Germany. The result of analysis will then be used for explanation of the solutions to the relevant legal controversies and serve as an important source of reference for the future research of laws on pandemic prevention.