The Mainz police have illegally used data from the system behind the Luca app in the investigation of a fall resulting in death in the old town of the state capital. The SWR reports this with reference to its own research. The public prosecutor’s office has since admitted the misuse of the personal information that is collected for the pursuit of contact persons of infected people and apologized for the actions of the investigators.
The investigators did According to the report With the help of the data query, visitors to a restaurant in downtown Mainz are selected. They wanted to win them as possible witnesses for the tragic event in which a guest of the economy apparently fell at the end of November and later succumbed to his injuries. A manager of the restaurant confirmed to the broadcaster that officials from the Mainz criminal police had actively asked for data from the Luca system after the incident.
Later, via the Luca app, she received a request from the Mainz health department for data release regarding the guests present on November 29, reported the landlady. She allowed this. One person concerned confirmed that he had been contacted by the police on December 20, stating that his contact details had been obtained via the Luca app.
“Incorrect assessment” of the legal text
Law enforcement officers are usually allowed to access information from the controversial Luca system, which is used in many public institutions to register visitors Section 28a of the Federal Infection Protection Act not access for data protection reasons. Also the state government of Rhineland-Palatinate explained on their websitethat the data obtained using the Luca app may not be used for “other purposes” beyond contact tracking for health protection. This also prescribes Paragraph 1 of the country’s Corona Control Ordinance.
The Mainz public prosecutor’s office has now confirmed the data query in connection with the case to the SWR. A total of 21 potential witnesses were found and called. This was agreed with the responsible police authority and was due to an incorrect assessment of the Infection Protection Act. In fact, there was “no sufficient legal basis” for the action. The official data protection officer has already been informed and the intention is to also inform the state data protection officer.
At the same time, the law enforcement agency expressed its regret towards those affected and apologized for the access. It is ensured that the data obtained is no longer used. When investigating investigative proceedings, no further relevant processes have come to light so far.
Health authority has “simulated infection case”
The makers of the Luca app condemn it, according to a statement on Friday “this misuse of the data collected for infection protection”. At the same time, they welcomed the announcement by the public prosecutor’s office to “sensitize” criminal prosecutors to the legal situation. They themselves had “no knowledge of the incident”.
According to Luca, the information can only be provided “if the respective health department and the respective company give their consent in the event of an infection and use their individual keys to decrypt the data”. In this case, the Mainz health authority “simulated a case of infection and obtained the consent of the company for the data to be made available” at pressure or at the request of the police.
According to their own statements, the system’s operators receive inquiries from the police and the public prosecutor’s office “almost daily” about contact information for users of the Luca app. These would always be answered with the note “that we cannot deliver any data because we have no technical access to it due to the encryption concept”. When the Luca system did not yet exist, the police in several federal states had already accessed personal data from Corona guest lists in restaurants, cafes and hotels. Bavarian law enforcement officers even took action against petty crime. At that time the legal situation was still unclear.