 Good afternoon to you all. You're all very welcome. I'm delighted that you've joined us today to attend our Institute of International and European Affairs webinar on privacy and the pandemic, the role of data protection and data processing in fighting COVID-19. My name is Joyce O'Connor, and I chair the Digital Futures Group here at the Institute. I hope you're all keeping well and staying safe. It goes without saying that technology is impacting all our lives on a daily basis. The question is, however, how can we use technology to redefine problems and create solutions? Today we are adding two other dimensions to this question, the question of personal data and the question of privacy. So how can we use personal data with technology to help us address the COVID-19 crisis? And how can privacy be protected by doing so? I'm very pleased today that we are joined by Boček Viboreski, who is the European Data Protection Supervisor. Boček, you're very welcome, and thank you so much for taking the time out to be with us today. We appreciate it very much because we know you've got a very busy schedule. So Boček will discuss how personal data has and will continue to play an important role in the fight against the pandemic. He will speak for 25 minutes or so, and then we'll go to you, the audience, for questions and answers. You can submit your questions on the Q&A column at the bottom of your screen during the presentation or indeed afterwards, but I really appreciate if you could give your name and affiliation when you ask a question, and I'll come to them after Boček's keynote address. Today's presentation and Q&A is on the record, and the webinar will be available later on the IIEA website. Also, if you'd like to join us on Twitter, please do by using the handbook IIEA. Now, it's my great pleasure to formally introduce our keynote speaker, Boček Viboreski. Boček has a distinguished career, he's serviced and inspector general for the protection of personal data at the Polish Data Protection Authority. He has been the European Data Protection Supervisor since December 2019. Boček, you are particularly welcome here today, and we look forward to your presentation. The floor is yours. Thank you very much. Thank you for the possibility to be with you. Thank you for the invitation from the Institute. Thank you everybody for using your time to expand it, to discuss the problems connected with privacy and data protection, which for me is just a professional job. For many of you, this is not only the thing that you are meeting in your professional life, but also the thing which is interesting. As for the citizens and as for the people whose fundamental rights are observed by the European Union institutions, and most importantly, by the controllers, by the processors, so simply by all those who are processing our data, who are processing information about us. As you were told, I will try not to bore you to death with the presentation for 25 minutes, and after that there will be the time for the question and answer time, mainly connected with this subject, but of course I am ready to answer other questions if I can, if I got the information that might be interesting for you. And if there was something which needs the immediate answer, also during the presentation, please maybe Joyce, you will be able to simply break me and to interrupt me and to ask the question or the need for the explanation from some of the participants. I will try to speak in the most open and easy manner, but as all the people who are dealing with it professionally, I have the tendency to speak with the slang and if I start to speak slang, please stop me and say that I should explain the things. Sometimes we are using some abbreviations that might not be that obvious for the people. I will share my screen and I will share the presentation with you, but actually most of the things which I'm going to talk about are out of the presentation itself and the presentation is only supplementing it with some additional information. So I try to share the screen now and please confirm that you see it in the right manner, is it visible? Okay, great. So as we said, the main subject for today is the privacy and the pandemic and the role of the data protection and privacy in fighting with COVID-19, but also the influence of all this crisis for the attitudes towards privacy, attitudes towards data protection, attitudes towards European Union itself and for the states because we will easily come to the main conclusion which is that the world trust will be present in each and every discussion that we will be dealing with and of course I know this is a kind of buzzword. This is the word which always exists when we start to talk about my fundamental rights and internet when we say about fundamental rights and new technologies and fundamental rights and the states and the administration and all these was present in the biggest crisis that we had in our lives for at least 20 years. Global crisis, which is important, it was not only for Europe, it was not only for the European Union, not only for the Western civilization as we call it, but everywhere in the world because the influence of the pandemics is well visible and sometimes start to redefine the way that we approach the security, the way that we approach the health issues, but also this trust toward public institutions and towards the business and the companies. So I should start, as we always start the presentations in the data protection field saying ladies and gentlemen, the data subjects. I do it in order to stress again that the data, personal data is not the commodity. It's not something that we find in the coal mines. It's not something that lies somewhere on the surface of some other institutions or the companies. But this is an information about me, about you, about our closest persons, about our families, our friends and enemies and this information may touch very strongly our intimacy, our privacy, those things that we usually want to stay either for us or for our families only. The European data protection supervisor as the data protection authority of the European Union institutions, bodies and agencies have been involved in the whole actions that European Union did as far as COVID crisis concerned from the very beginning. For most of you, this complicated construction of the data protection authorities is well known, but for those for whom it is not an everyday matter deal with the European law and the European administration. Let me just say that the European data protection supervisor is not the supervisor of all Europe as far as data protection is concerned. There are still 27 jurisdictions in 27 member states of the European Union. In some of the countries, it's even more complicated that in Germany where part of the issues are solved by the provincial authorities, land authorities. But apart from these 27 jurisdictions, there is the 28 jurisdiction, which is the EU bubble, EU institutions bodies and agencies. If you come to Brussels, and you have a data protection problem with the hotel or with the shop, you go to the Belgian authority. That's the Belgian Commission, which is responsible for the data protection in Belgium. But when you have the problem like that with the EU institutions like the European Parliament, European Commission, or the agency, no matter if it is an agency which is located in Brussels, or the one which is in Dublin, or the one which is in Alicante or Warsaw, then the EDPS will be responsible. But what is the most important for our whole discussion today is the fact that EDPS at the same time is the main advisor of the EU institutions bodies and agencies in all the legislative actions that are taken there. So when there is any kind of discussion about European law, European legislation, then that will be EDPS who will be taking part in it as the advisor of the Commission Council and the Parliament. And also the European data protection supervisor is providing the European data protection board with the secretariat. And here is the main thing which I would like to distinguish at the very beginning of this discussion. This is European data protection board, which is consisting of all the data protection authorities from all over Europe, and who is responsible for harmonized use of the data protection law and harmonized implementation of the protection law and EDPS as a member of it, and also as the main advisor and the supervisor of the EU institutions bodies and agencies. So when the storm came, when we started to deal with the problem, we had surprising response at the very beginning from the member states, surprising, because the response was to divide Europe again, and to start to answer the question on the national level, which was sometimes a surprise, sometimes not a surprise. Of course, you know, as well as I do, that not all the things are harmonized on the all European level. And among those things which are not fully harmonized, we have both health issues, which are usually directed on the national level, and internal affairs and national security and internal security, which is also dealt with by the governments. So one of the first answers that have been given by the countries was to try to stop the flow of the people and try to divide the jurisdictions, administrative constituencies with the borders that we almost forgotten about. I can tell that somebody has stolen my Europe. I was born in totalitarian countries in the East in 1970s, but from 1989 I started to get used to the fact that I can travel around. I can live in many countries at the same time. I can use the possibilities of being European, especially in the Schengen zone, and it suddenly disappeared with the COVID crisis, and we started to get more and more local answers, which were generally based on trust. These buzzwords, as I said, but buzzword which will come back to us time after time, because trust was in the middle of the whole discussions. Let me start from the general observations and then we will go deeper to the technological field, but also to the political answers that were given by the European Union. What can I find out looking back to last months? It happened just before the COVID crisis started. I was about to present the strategy of the European data protection supervisor for another five years for the mandate that I was elected for by the council and by the parliament. And I had to stop it because I found out that in the middle of March I was about to present the strategy which was not answering, not even mentioning the main problem which exists in 2020, which is the COVID crisis. And I was talking about European solutions going towards the global ones, while I found out that the global issue is thought to be answered on the local level and national level. And I have to be somehow referred to data, and this is not only the question towards European Union as the institution, but to all kinds of international corporations in fact. But at the same time, there were the things which I was afraid or scared at the beginning. I thought that one of the main answers that may be given in such an extraordinary crisis that we have will be, okay privacy doesn't matter. We have something more important to deal with, which is the health of the people, which is the life of the people. So we should forget about the privacy. That was what some voices proposed at the beginning of the crisis. But surprisingly somehow for me, the privacy was that high on the agenda of the discussion that whatever kind of the discussion about the answers toward the crisis has started. The privacy started to be one of the things so to be observed all the time, especially if we started to talk about any technical solutions to be used. The second surprise that we can observe after this few months is that the public in Europe generally shown quite a high trust toward the public institutions. Of course, there was a questioning of the competencies. There was questioning of the individual actions that were taken, or the behavior of the public administration or public servants, but generally people tend to think that the state wants to help. That the state should understand and should help and is ready to help. And those people who are actually in the first front line, these are the people who are somehow managed and administrated by the public authorities. In some countries that was quite a surprising thing because people were usually very skeptical towards the public institutions. Another general observation is that the approach was very different from country to country and from population to population. And that was not surprising that much because we knew that nobody was really ready for what happened. But we may say that we tried in Europe at least 20 different ways of approaching the problem. And inside the countries we had very different and very diverse approaches also to technical things. Let me just remind that in the heart of the crisis, there were 800 IT solutions that were proposed to Italian government to help in the COVID crisis. Starting from the huge things prepared by the huge institutions towards the hobby solutions proposed by the individual persons. And the Italian authorities had to dive through that and to find out is there anything really interesting inside and is there anything that may really help. And we had to learn, learn a lot. First of all, learn to talk with each other. And I remember when I started to work as a data protection authority in my own country of origin in Poland in 2010. I never thought that I will have to be a specialist in electricity and energy consumption and energy management in the country. In a year it found out that I had to learn all this because smart mattering wasn't with the subject. Here I found out, and we found out all of us who are working in the public administration, that we have to learn the new language that we never used. We thought that we know how to talk with the doctors of medicine. We thought that we know how to talk about the public health problems. But we found out that the language that epidemiologists are talking with us is different. They use the word surveillance as the useful tool. For the privacy advocate, surveillance is something that scares us, something that means be aware, be ready, be careful about that. For the person dealing with epidemiology, this is one of the tools to be used. Normal one, the expected one, surveillance is something that has to be done. So, as I said, even the problem of exchanging and talking with each other started to be something that we have to be prepared for. Then another thing, this preference for the national solutions and preference for the solutions which will help the society that we are dealing with. So, the language was important, the distribution of the information was important, and moreover, the public authorities in the health sector were somehow deciding on how the information is spread. But we found out very easily that the synergy helps. Also between the countries. One of the things which we may say for the second wave, let's say, of the COVID crisis that comes, or that will come, is that we had 20 paths we took. But now we can compare them. We can find out which of them was better, which was worse. Those countries which are smaller can use the examples of the bigger ones. But also the big ones can say we made something wrong, we can do it the way that the other country tried. That's what UK did, for example, with the contact tracing applications. Then also I have to say that there were many things which surprised me at the end. One of the things which surprised me was that in one of the countries of the European Union, there was a contact tracing app, which was prepared with the huge involvement of the academia, huge involvement of the NGOs, huge involvement of the individual scientists, but in the very open way, actually accepted by all these societies. And it was not in use. Nobody downloaded it. Why? Because nobody in the society was really informed about it. The advertisement didn't work. I was in this country for two weeks. And I didn't hear any advertisement of any public announcement that the application is available, although it was there. So sometimes you can do a lot of things well, but you fail in the last moment or you fail in the point which was not the one that we thought will be the most important. And the ultimate and the most important thing which we learned. We cannot earn trust during the pandemic if there was no trust before. Those countries which had the biggest problem to convince the people to work together to fight with the pandemic using the technological solutions proposed by the governments or proposed by the public authorities. And who didn't build the real trust among the people before had to struggle more. What we also learned was that it's, however, very easy to lose the trust, even if you had it, if you make one mistake. And this mistake might be, for example, that we are not open enough in the solutions that we propose. So that was somehow the starting point when we were going, which we are going from. And it was the final conclusion, maybe not final, interim conclusion that we may do at the moment. We do not need to commit the trade-off between the privacy and the data protection on one side and the public health on the other side because we can talk about all these things together. And democracies can have both of them. And at the same time, the regulators scrutiny, so the involvement of the data protection authorities and the other authorities that are giving the public scrutiny is the must for the government. And on longer term terms, we need to analyze the implications and the solutions that are existing for this endemic problems inside these institutions, inside these networks that were created. So cooperation, cooperation among the regulators is something that we can say as the data protection authorities was important for us. And which, of course, in the complicated world of Europe and complicated world of the data protection in the world is not an easy thing. But once again, what we found was that it was much easier to deal with any kind of technical solutions in order to help in fighting this pandemic. In those countries that already had the checked and existing data protection system, while those that didn't have such comprehensive solutions were struggling more. And we can see it very well in the states where any kind of technical solution is questioned because of the lack of the real oversight of the data. And going a little bit farther, let's say about the technical means that were used and their private privacy implications. First of all, very early in the process, the countries which were touched by the crisis have tried to use the technical solutions and the IT infrastructure and the telecom infrastructure in order to observe what's going on and to fight with the results of the crisis. The apps applications for the mobile phones started to be the first solution that was proposed to the society itself. Some of the countries tried to use the central resources and trying to assess information on central level, but they usually found out that without the current information coming directly from the people, they are blind. The best way to get this information was to use the telecommunication networks and to use the information which is collected from them. But the way it was used was very different. And I may say that there were five main kind of applications that were proposed during this crisis. The easiest and the most common were the information applications so that they were providing with the information about the symptoms, about medical service, about the medical equipment, tools, masks, test facilities and etc. Where can you get them? How can you apply for them? What is the availability of that? But very soon the government started to follow the information from the applications and from the mobile networks in order to find out how the people are moving inside the country and between the countries. And they started to prepare either mobility applications or mobility tracking systems. But because of the fact that the lockout was one of the very first answers that were given, mobility stopped to be that important at the beginning of the crisis. And it starts to be important again now, where we still have the mobility between the countries, although sometimes stop, you probably heard that that's just Hungary a few days ago who decided not to allow anybody from abroad to enter the country if this is not the resident of Hungary. So once again the kind of lockout starts. But as I said mobile apps, though they started to be the solution proposed at the beginning, were forgotten for a while after that. Then we have infection tracing tools, very rare situation, a situation which existed in some countries, for example in Israel, where we were tracking, mainly tracking back meaning assessing where the person was. Those who were infected. And then we had quarantine apps, which were rather the surveillance tool used by the law enforcement authorities in order to, let's say, mobilize those who were under quarantine to follow the rules of the quarantine. And finally contract tracing apps, which were almost a silver bullet for many people to fight with the pandemic, although the specialists both on the epidemiology side and on the IT side were saying that this is only a tool. It may be helpful, but without the normal trades contact tracing. And first of all, without the availability of the tests and the well organized medical help its users. So this is only tool that may help. It may really help a lot. It may put us in the better situation towards the epidemic itself so we can start to go a little bit faster than the infections ago. But as I said, only two. What I'm a little bit afraid of, and I stress it time after time is that we are just before the second wave of applications, which might be a little bit more dangerous. The first one are so called immunity passports and the green codes. So different kind of applications which suggest that you can quantify if you are infected, and you can quantify if the person is a danger for the people around. I'm really very, very cautious. And I would like to be very careful about this kind of actually discrimination that would allow us to think that the application itself and different kind of sensors can tell us if the person can access the place can be the passenger can get into the building. We don't have anything against the temperature checks that are done at the moment, but with the full understanding that once again it does not solve the problem, because the persons who are infected usually do not show the symptoms of the illness. And the person who is infected will not be even, even if tested, maybe it may not be found because that's the too early stage of the infection. So the green passports, the immunity passports is a little bit of a magical approach to what the IT can do. Even if we have the person who was infected and who is healthy after that, who understood the whole COVID disease, we are not sure if the person, if herself or himself is immune, and if the person is not in the danger anymore for the rest of the people around. So we are trying to use the technological answers or let's say binary answers, safe not safe, to the things which we don't understand at the very end. It's a little bit more complicated with the e-health and mobile health solutions. I think that this year we will have the explosion of the mobile health solutions, and it's generally good. I have nothing against that. The mobile health or different kind of wearables that we will use may be really very useful, but once again only if we know what the data is used for and who is using the data, who has access to this data, and how is it operated. That's by the way, the thing that the data protection authorities were stressing from the very beginning, that the data protection law in Europe, during all data protection regulation, but also the other solutions which exist in the countries for the health system are usually well prepared for the epidemics. But even the GDPR has a precise rules which allow to take the special measures in case of the cross-border health problems, but with some conditions to be fulfilled. First of all, we agree that this is an extraordinary situation, and since it is extraordinary, all the solutions that we are creating are temporary. First of all, we first of all know that this is not normal what we do. This is something extraordinary and all kinds of tracing also that we do are extraordinary. We know that that means also that we started to prepare ourselves to how to go out of that, how to resign from the solutions that were proposed. And we know who is using the data, we know for which purpose the data is used, and these purposes are connected only with the fight, with the epidemic fight for the health of the society, not for the other reasons. So the European data protection board was active in preparation of the European solutions, though we were not able, also not ACDPS, to propose one solution for all the European countries. There were some harmonized approaches, there were some harmonized interoperable frameworks that were proposed, but not all European solution has been proposed so far. At the same time, there were some solutions on the business side that were going over the borders and that were helping all over Europe. And one of them is the cooperation between Google and Apple, as far as interoperability of both of the operation systems are concerned, which in my opinion was a very good idea. But of course, to be scrutinized as well, how it looked in the practice, how it worked. In the presentation that I'm leaving to you, you have more information about different kind of applications which were in use in Europe, but also you have an information about the problems that were known already at the beginning, as far as the efficiency of the solutions are concerned. Of course, the diseases which were observed were not the one like like COVID-19, but we had the use of the applications, mobile applications to track the infections in Ebola and some other infectious diseases in Africa. And the several scientific and practical studies on that have been already presented years before the COVID crisis started, but nobody actually among the data protection specialists was aware of the existence of that. That's interesting, by the way, that there were the media specialists who had the studies on the use of the mobile apps at this situation like that, but the data protection authorities and the lawyers as well. And most of the IT and mobile application developers didn't know about such solutions. I gave you, in the presentation, the overview of the most vital discussion which happened in Europe, which was discussing the discussion about the kind of mobile experience you have to be used in Europe. I did it because there was a lot of privacy involved in this discussion, which I'm very happy of. But also in order to show you that actually there was no black and white solution between these applications and these kinds of applications that were proposed as centralized and decentralized. First of all, there were more systems than two. And secondly, nobody was really able to say which of them in practice will work better and which of them in practice is secure for the privacy. Of course, the more decentralized systems where the less information was attributed to the individual person, but actually there was no system which was fully decentralized, there was always some central solution. And secondly, even in those that were theoretically decentralized and theoretically privacy friendly, the applications had also additional features, the additional features which could be turned on or turned off by the user, which were changing the environment totally. And that was, for example, one of the data protection authorities in the European economic area countries who stopped the activity of the tracing up in his country because the location tracing feature of the application, which was an additional one was by default on. The only thing was okay with the general use of the application, but the additional feature, which was collecting a lot of personal data were localized was turned on by default, which means that 90% of users were actually using it. And the only thing was to do it other way around to have it turned off. And you also are probably aware of that the other data protection authority, the Dutch authority has not allowed to use seven consecutive attempts to create the application in his country. Once again, by failing to secure real privacy issues. And in those countries where the solutions were introduced into the market, it might happen as I said in one of the countries before, where everything was okay, but the public awareness campaign was so bad that the application was simply not in use. At the same time, that's probably the last thing which I would like to stress. At the same time, in those countries that discussion was the most open and the scrutiny of the also civic society through the NGOs introduced very largely like Germany. The distribution of the applications was relatively higher than in other countries. And I think that we shouldn't joke about Germans being very strict about the rules and very strict about the social behavior. I think that the main answer that has been given by the German society was there was an open discussion. We know who looked at this, we know what this person saw in this applications, and we believe we trust. We trust because we can see what's going on. So, as long as the solution is not mandatory, as long as the solution is well explained, as long as the solution is shows the effects. So, okay, and the data protection authorities and the data protection law definitely do not stop the existence of such solutions. But you have to show that you are, that you know what you want to use this applications for. And I'm one of the first person who downloaded the application in all the countries that I was in and where the application existed. But I am also one of the first person to ask, do you know what do you use it for? And this is also what the Norwegian authority said to their own government. Why after two months from the introduction of the applications, you still don't have results? Why you have only the pilot projects that you do? Where are the information on how to erase the data? Where are the procedures that you should have in hand? So simply you created something, but it's just a toy. This is not a tool. This is a toy that probably says that the government did something. But it does not say what will be the result of that. And one of the worst things that may happen is that because of the failure, either in creating the awareness or in supervision of that. Or in the first of all, in getting the other facts, we start to introduce more and more, more and more intrusive solutions from the technical point of view. I hope I didn't bore you to death. I'm ready for discussion and I'm ready to answer the questions which definitely go at the moment mostly to the question. Do we really know what happened? Was it really necessary? And will this solution stay with us for the future? Thank you so much for a check. You certainly didn't bore us. It was an absolutely tour de force because I think it was both insightful and informative. And it was really interesting as our audience would be to get your observations. And I think it was really important that you started with the system, that it's about us. It's about our data, ourselves, our family, our friends. And I think that's the starting principle which you emphasize very clearly. But I think your observations also are very helpful. And I think the messages that you have sent out today and the learnings that you've described are very, very relevant. And particularly the issue of communication. Don't assume people know. And I think that's really important. And in a way, you so powerfully described the change in our world in the last six months. That we went from not considering a lot of these things to looking at the whole issue of our own data, privacy and technology. Some very good things came out of it. But I think what was really powerful was, I suppose, and I know you've summarized it elsewhere, that big data means big responsibility. And that doing that, that we have to be ever vigilant, yet knowing how powerful using data like that is. So I think thank you so much for your presentation because I think it's been really helpful and will be important to us. And I'll now go to the questions. One of the questions here, first one is, from your experience of the different European apps, are there examples of best practice you can identify in particular countries? This is from Seamus Allen from the IIEE. First of all, I think that we should for a while forget about the things that we generally think about some countries. And we generally think about their effectiveness of the solutions which are created there. And even sometimes about the democratic standards that exist in these countries. Because one of the countries that gave the very good example to the others, at least in the first part of the fight with the COVID crisis, was Singapore. Singapore is a country which I probably would not recommend as the kind of democracy that I would like to see in the world. Definitely the data protection is not the thing which is on the top of the agenda in Singapore. Although there is a data protection authority but they are not responsible for the public authorities and for the data protection in the public authorities. But at the same time, the way that they addressed the issue of applications to be used for tracing the infections was really exemplary. At least in the first part, because it was open. In the meaning that everybody could see the code, everybody could see what is going on there, everybody could see what is processed and which kind of data states were. Of course later on there was a problem of mandatory use, there was a problem of the use of the persons who didn't give any kind of consent or agreement on the use of these tools. There has been accusations about the use for the wrong purposes. But the first thing, openness was something to be really present. What was also good was that the developers of the Singapore application said while we are preparing something which is good for Singapore society, it does not necessarily work in the other countries. That's one of the things which we have to be in mind as well. That something which is very good in the country A cannot work in country B because of the non-technical reasons. The countries which were dealing the best with the use of this kind of tools were the countries which first of all are more or less isolated geographically. Because then you can somehow control the people entering the country and living in the country. That's for example, there's an example of Singapore but also the South Korea although the South Korean example definitely was not democratic. But that's the first thing. The second thing, those countries that were generally in the state of kind of alert shown more willingness, people show more willingness to apply the solution proposed by the government. So Taiwan, South Korea, Singapore again, the countries which present themselves as being under the threat from abroad, the societies are more tempted to follow the instructions of the government. While those countries that are mainly in the mainland of the continents and who are not presenting their societies as those being endangered by some external forces are probably more discussing and having more doubts about the solutions. Anyway, openness is definitely one of the things that I would propose. The second thing I would propose the involvement of the not only data protection authorities, not only the supervisory authorities but also the public scrutiny to the different kinds of NGOs, consumer organizations on the very early stage. There were also the situations where some of the international humanitarian organizations were taking part in the preparation of such a solution. Well, we call Austrian examples and the involvement of the Red Cross and the preparation of the application there. These were the solutions from the organizational point of view which I would propose. If we think about the technical solutions, it has been somehow proved that the results so far, the best results as far as the contact tracing apps were shown by the Bluetooth low energy systems. While the telecom data is hardly useful for the contact tracing purposes and what is once again important is the raising awareness among the people that the solution exists and the solution will be useful only if the certain amount of the population will be using the IT solution. I think your point is very well made and I think it can be really used for other communications, letting people know about things and involving them. And of course, as you say, the main thing is trust. You know, it's interesting in Ireland, the Irish Computer Society did a study back in April. And interestingly enough, whether people would at this stage, it was for the contact tracing app, would they be willing to use personal data or medical data to help fight the pandemic. And interestingly enough, 80% of the population said yes. But I think even more so interesting between 18 and 24, 93% said they would use it and the over 55s. So the willingness of people is there but you still have to provide that trust in order to actually move things forward. And we have to remember that there are two different questions. The first question is, will you give your personal data in order to help to fight the pandemic? And 90% of people will say yes, of course I will. But if you ask, will you do it giving it to the Ministry of Interior? Yes. Probably the answer might be different. So what is very important is to show that there is a synergy between the fact that there are authorities who know what to do or the organization does not need to be the public authority, but it can be the organization that know what to do and the willingness of people to help. I'm sure that all of the people who are here would say I would do everything they could to help to fight with the pandemic. But it's a different thing when you ask, would you give it to European officials in Brussels to decide about what's done with your data? Would you allow Vyborowski to deal with your data? You will probably have 5% of people who will say that Vyborowski is the person to create the application. And I'm not surprised because I cannot code. So that there should be, it should be well explained that those people who are preparing data are those who know how to do it from the technical point of view. Those who know how to do it from the fundamental rights point of view. But first of all, that they know what to do it for the health reasons. So there are epidemiologists who are taking part in it. They are the doctors of medicine and over them there is a real infrastructure of the health system and of the civil servants, but also the volunteers that are taking part in the preparation of the whole country solution for the pandemic situation. Yes, I think that point is very well made. And just on the, the Irish situation, you know, a million people downloaded it within 2048 hours because there was that connect. But I think it's really interesting, your point about that ecosystem of knowledge, which covers a whole array of specialties, particularly mental health or public health specialist, but also mental health civil servants. And when the politicians come in, I think countries, I don't know if countries who have left the data discussing the data, its implications, what has happened, what is happening, what we should do is often better delivered by people who are trusted, who have the facts and who are scientists. I think, what do you think? I don't want to say if the scientists are the most trusted persons in the society. But I think that there is a work to do to find out those who can really present something from the scientific point of view, who can do it from the legal point of view, but also those who are sometimes celebrities, who know how to communicate, how to touch the people, how to talk with them, how to explain the things. Sometimes two sentences said by the TV star is more influential than something which is said by the best scientists that you have in the country and that probably is unknown for the 99% of the society. But what is important to show is that these people are working together. And they are all together. They are very good examples of, I don't know, for example the Prime Minister of New Zealand. She is a wonderful lady, but definitely she is not the one that is inventing these things. She is the politician who knows how to present it to the people. But there is a group of the people over there behind her and you can show that this is organized. And if I can have some doubts about the whole European approach to this subject, is where we are really convincing, showing that there is a European Union solution that we can propose for this subject, or there will be more and more people in Europe who will be saying that when we had a crisis, we had to go to the national level and to solve it on national level. While the real reason for that was that we do not have the harmonization of the health systems between the countries. Yeah, I mean you have called for this European contacting tracing out to be lost. Do you believe that would there be an effective response? I think that if we create the interoperable solution, interoperable framework for that, that will be enough. Because I'm not surprised that the Portuguese person wants to have this information in Portuguese, applied the way that is done in Portugal and not necessarily the one which is in Estonia, which is Poland. So I'm not surprised that much that it may differ from country to country, but at least the collection of the data and exchange of the data should be done in the interoperable framework. Well, I live right now in Brussels, which is a very cosmopolitan town, and I'm sure that in the building where I'm working in, there are the people who have the mobile phones of the companies from 20 states of Europe. My private telephone, which is just next to me on the table, is provided by the Polish company, and I have to even observe these famous fair play rules between the operators. So there are different applications, there are different mobile phones which are around, it's enough if they are interoperable, and that's why I said that I welcome, for example, the cooperation between Apple and Google, creating the common environment. That's the part of interoperability that should stay. Yeah, thank you for that. There's one question, I think time is catching up, and I think unfortunately it has to be our last, but it's from the University of Turin. And to ask the question, do you think that COVID-19 outbreak and the relevant measures justify use of technology, tools of practice deviating from usual data security standards in medical devices with the aim of facilitating speedy and safe response to health emergency situations? It's hard for me to say about the solutions which are proposed for the medical devices in the medical law, but I may say yes, the extraordinary situation allows us to use extraordinary tools, but the conditions in Equanon for that is that we know that it's temporary, we know it's extraordinary, we know who is doing that for which purpose, and we know who is controlling that, who is scrutinizing that. We have the system to assess what happened and what is happening with this data, so I'm not surprised that we are using the special tools. That's a little bit like asking, can I use the blanket of my neighbor to extinguish the fire in my own house? Yes, I can, but I have to know that I'm destroying the blanket of the neighbor, and I probably will be responsible for that, and there is somebody who is able to check, was it my blanket or was it his blanket? Yes, so there should be the supervision, there should be oversight, and even if we think, if we go out from the panel responsibility or financial responsibility, there is a need to assess now what did we do in these last months in order to do it better the next time it will happen. Well, unfortunately, time has cut off with this voice check, and I want to thank you for your excellent presentation, a tour de force, and we are left with a lot of clear messages, tremendous communicator, I have to say, but emphasizing the importance of communication, trust, and again, that the responsibility about using that data, as you said there, has also, you know, using big data means that enormous responsibility, but we have the capability, and I think the learnings that you have documented there for us will help us in the future. So thank you very much for that, it was really, really very, very interesting and insightful. I'd like to thank for the questions as well. Yes, I was just going to say to thank our audience for their attendance and for their active participation and questions, and also you'd be glad to know that on the 17th of September, if you could link in, and I hope our audience will be, we have Cameron Kerry, you know, from the Brookings Institute, and as you know, he's focused on privacy and data transfer, and I think he has a provocative title, Wojciech, which I think you'd appreciate, the European Court of Justice challenges the world. I think that is quite provocative and then we'd see what happens. I'm not surprised by this title, but I also know that Cameron is approaching the things like that, not only as a scientist from Brookings Institute, but also as a person who had a lot of experience, both in the business, but also in the public administration. Well, I got to know him in 2012, I guess, as the representative of the American Administration. We tell him we were talking to you when we talked to him in a week or so, and I'd like to thank our IEA production team, Sarah Quirk and Lorcan Mullally and the team, and Seamus Allen, our policy researcher who contributes a lot to this webinar. But most of all, I want to thank you, Wojciech, for a really excellent presentation, and we wish you well and we wish you every success in your work, and we hope to see you, of course, in Dublin at a later stage when things have moved on, hopefully sooner rather than later. Thank you very much. I lost two possibilities to go to Dublin because of the COVID crisis. Thank you very much again, and thank you, and we look forward to seeing you all again.