Category: Data rights

Kosovo Lawmakers Play Politics with Personal Data

Posted on by BIRD

Personal data and the right of access to public information remain largely unprotected in Kosovo after parliament failed again to elect a Commissioner for the Information and Privacy Agency, IPA, leading critics to accuse lawmakers of playing politics with citizens’ rights.

The Information and Privacy Agency, IPA, had asked the parliament to give its director, Bujar Sadiku, the powers of the Commissioner of the Agency despite the failed recruitment process for the post.

The request was rejected by the parliamentary Committee on Security Affairs as illegal, however, and civil society groups on Thursday publicly asked the Presidency of the Assembly, especially the Speaker, Vjosa Osmani, to be vigilant and ignore such illegal requests.

On August 14, none of the three candidates for the post received the required 61 votes, the third time in two years that parliament failed to appoint a Commissioner, failure analysts attribute to narrow political interests. The British embassy, which has assisted in the recruitment process, said British experts had been withdrawn.

Flutura Kusari, a legal adviser at the European Centre for Press and Media Freedom, who voluntarily monitored the recruitment process, said the British decision was a good one, but was “bad news” for Kosovo.

“It is not logical financially or politically for an ally to invest this much in a clearly politicised process,” Kusari told BIRN.

In its five years of existence, “the agency has failed from the beginning to protect our personal data,” she said. “If the Commissioner will be politicised, s/he can become a censor of public information, pleasing politicians.”

Starting ‘from zero’


The meeting of the Kosovo Committee on Security and Defence, where the annual report of the Information and Privacy Agency, IPA, for 2019 was reviewed, presented by IPA director Bujar Sadiku, June 16, 2020. Photo: Official Website of Kosovo Assembly.

Without a Commissioner, Kosovo has no institutional mechanism to implement the Law on Access to Public Documents and the Law on the Protection of the Personal Data.

The first two attempts to appoint a Commissioner failed in May and July last year due to the fall of the then government and the dissolution of parliament after the prime minister at the time, Ramush Haradinaj, resigned on being summoned for questioning by war crimes prosecutors in The Hague.

Without a Commissioner, citizens of Kosovo have no institutional means to complain and seek justice if a public or private body violates their rights to protection of their personal data or access to information. Civil society groups say that without an independent overseer, the agency could become biased in fining particular institutions or officials.

British-approved candidates

Twelve people applied for the position, cut down to five after a review of the applications. Each of the five candidates went through a two-day interview process, after which a commission selected three to be submitted to parliament.

They were Bujar Sadiku, Krenare Sogojeva-Dermaku and Muharrem Mustafa. Sadiku and Sogojeva-Dermaku had received the approval of the British Embassy as the best candidates.

The IPA is unable to impose fines on bodies that violate the law due to the absence of certain internal acts that should be signed and submitted to the government by the Commissioner, Jeton Arifi, head of the Access to Public Documents Pillar at the agency, told BIRN.

If a bank, for example, accidentally or intentionally revealed the account details of a customer, that customer would have to take the bank to court, a lengthy and potentially expensive process during which the bank could continue violating the law.

“The persistent failure to select the head of our authority is continuing to cause consequences in the prolongation of internal processes, which should have been concluded within six months from the entry into force of the relevant law,” Arifi told BIRN. The Law on Personal Data Protection entered into force on March 11, 2019.

Politicians can ‘hijack’ process

Without a Commissioner, the IPA is also unable to hire new staff and has had to halt a twinning project with Germany and Latvia.

“Now everything will start again from zero,” said Fatmire Mulhaxha Kollcaku, who heads parliament’s Committee on Security and Defence and led the interview panel for the Commissioner’s job.

“As long as we don’t have an independent institution with a competent Commission, we have two unenforceable laws,” said Mulhaxha Kollcaku, and questioned how the recruitment process would continue without the British involvement.

The British embassy said on August 17 that it would not spend British taxpayers’ money on repeating a process that had been conducted properly but which failed to end in the appointment of a Commissioner. Under the agreement with the embassy, parliament is obliged to endorse an approved candidate.

“The non-appointment of any of them calls into question the stated commitment of political parties to implement the Memorandum of Understanding (MoU) with the British Embassy, ​​but more importantly, it sends a negative signal to independent professionals in Kosovo and their hopes to contribute in Kosovo Institutions,” the embassy said.

“Any public appointment should take into account only the interests of the country and its citizens, and not the narrow party interest.”

Without the British involvement, politicians can “hijack the process and elect politically involved people with no actual skills for the position,” warned Kusari.

Taulant Hoxha, CEO of the NGO Kosovar Civil Society Foundation, which supports the development of civil society with a focus on EU integration, told BIRN:

“It is painful that the Kosovo Assembly has to sign security agreements with foreign embassies in order to be able to elect a Commissioner. It would make sense if only the human, technical, and methodological resources to be provided with funding from the British Embassy because the Assembly of Kosovo is a new institution.”

SEE Digital Rights Network Established

Posted on by BIRD

Nineteen organisations from Southeast Europe have joined forces in a newly-established network that aims to advance the protection of digital rights and address the growing challenges posed by the widespread use of advanced technologies in society.

Initiated by Balkan Investigative Reporting Network, BIRN, and SHARE Foundation, the SEE Digital Rights Network is the first network of its kind focused on the digital environment and challenges to digital rights in Southeast Europe.

The network brings together 19 member organisations – from Albania, Bosnia and Herzegovina, Croatia, Greece, Kosovo, Montenegro, North Macedonia and Serbia – dedicated to the protection and promotion of human rights, both online and offline.

Each is committed to advancing their work on issues of digital rights abuses, lack of transparency, expanded use of invasive tech solutions and breaches of privacy.

Since the onset of the COVID-19 pandemic, Central and Southeast Europe has seen a dramatic rise in the rate of digital rights violations, in countries where democratic values are already imperiled.

“This endeavour comes at a moment when we are seeing greater interference by state and commercial actors that contribute to the already shrinking space for debate while the exercise of basic human rights is continuously being limited,” said BIRN regional director Marija Ristic.

“The Internet has strong potential to serve the needs of the people and internet access has proved to be indispensable in times of crisis such as the COVID-19 pandemic. Our societies are becoming more digital, which presents a powerful incentive to increase the capacity of organisations dealing with digital developments and regulations in our region.”

Illustration: BIRN

During a first joint meeting, the members of the network agreed that the challenges posed by the fast-evolving tech solutions used by states have led to infringements of basic rights and freedoms, while false and unverified information is flourishing online and shaping the lives of people around the region.

The online sphere has already become a hostile environment for outspoken individuals and especially marginalised groups such as minorities, LGBTIQ+ community, refugees and women.

“Digital technology is profoundly changing our societies as it becomes an important part of all spheres of our lives, so we see the diversity of organisations that joined this network as one of its biggest strengths,” said Danilo Krivokapic, director of the SHARE Foundation.

“We can learn so much from each other’s experience, as we have similar problems with governments using technology to exert control over society, especially in times of crisis such as the COVID-19 pandemic,” he said. “It is also important that we act together when we are trying to restore the balance between our citizens and big companies (Facebook, Google etc) that hold enormous amounts of our personal data and through this exert significant power over us.”

The network’s aim is to build on the skills, knowledge and experience of its members to achieve common goals such as strengthening democracy in the region and protecting individuals in the digital environment.

While cherishing the values of safety, equality and freedom, the work of the SEE Digital Rights Network will be directed at achieving the following goals: to protect digital rights and internet freedoms, enable people to access accurate information, make the internet a safer place, detect and report hate speech and verbal violence online, especially against women and other vulnerable groups, identify online recruitment, which can lead to exploitation, take control of  personal data, work to prevent the implementation of intrusive surveillance systems, hold governments accountable for the use and abuse of technology and improve digital literacy in order to prevent violence and exploitation.

The network will aim to increase the level of understanding of complex and worrying trends and practices, trying to bring them closer to the general public in a language it can understand. By creating a common space for discussion and exchange, organisations and the media will be able to increase the impact of their individual efforts directed towards legislative, political and social changes.

For more information about the network please contact: sofija.todorovic@birn.eu or/and nevena@sharedefense.org.

Here you can find the full text of the SEE Digital Right Network Declaration. The Declaration is also available in BCS, Macedonian and Albanian.

The organisations that have joined the network are as follows:

  1. A 11 – Initiative for Economic and Social Rights – Serbia
  2. Balkan Investigative Regional Reporting Network (BIRN) – Bosnia and Herzegovina
  3. Centre for Civic Education – Montenegro
  4. Center for Internet, Development and Good Governance (IMPETUS) – North Macedonia
  5. Civic Alliance (CA) – Montenegro
  6. Civil Rights Defenders (CRD)
  7. Da se zna – Serbia
  8. Gong – Croatia
  9. Homo Digitalis– Greece
  10. Open Data Kosovo (ODK) – Kosovo
  11. Media Development Centre (MDC) – North Macedonia
  12. Metamorphosis Foundation – North Macedonia
  13. Montenegro Media Institute (MMI) – Montenegro
  14. NGO Atina – Serbia
  15. Partners Serbia – Serbia
  16. Sarajevo Open Centre – Bosnia and Herzegovina
  17. Share Foundation – Serbia
  18. Vasa prava BiH – Bosnia and Herzegovina
  19. Zašto ne? – Bosnia and Herzegovina

North Macedonia: Facebook Pages Target Users with ‘Identical Content’

Posted on by BIRD

The Atlantic Council’s Digital Forensic Research Lab, DFRLab, which works to counter disinformation online, says its researchers have found dozens of Facebook pages linked to at least 10 Macedonian news outlets, demonstrating “several characteristics pointing to coordinated activity, including the near simultaneous publication of identical content”.

While some of these Facebook “assets” acknowledged their connection to the outlets whose content they were amplifying, others had no known connection.

“The assets also demonstrated signs of inauthenticity, as they were created as various interest pages, but ultimately promoted content from news sites to which they disclosed no connection,” DFRLab said.

It added this was clearly an efficient strategy, as the pages in every network had more followers than the official Facebook pages of the promoted media outlets.

A total of four separate networks or subsets of coordinated Facebook assets were amplifying content published by some of these websites: Republika Online, Kurir, Denesen, News24, Puls 24, Galama Club, among others. 

Only one of these is a tabloid. The others publish mostly political content: one of the outlets is openly pro-opposition. The others offer more balanced reporting on internal affairs. 

DFRLab research found coordination within networks of pages, but not across the four networks. There was also no sign that North Macedonian media outlets themselves managed the inauthentic networks.

The Facebook pages were created between 2009 and 2018 and were mostly managed from North Macedonia. Some were managed from the US.

According to DFRLab’s research, some of the Facebook pages seemed connected to Adinamic Media, which publishes news sites supporting the main opposition VMRO-DPMNE party. 

This media company is believed to have links with the Hungarian pro-government public TV network, Magyar Televizio, MTV.

Researchers said the presence and success of these networks had added to the political polarization in North Macedonia ahead of early parliamentary elections due this year. 

“The use of an inauthentic network on social media may enable political forces to mislead people and spread manipulated content to garner voter support, raising a concern on the integrity of the electoral process in the country,” DFRLab said.

VMRO-DPMNE, Putin and right-Wingers

Different pages amplified the same content at the same time from the same media outlets. Red boxes highlight posts from official Facebook pages of Vistina and Republika showing simultaneous posting by official and amplifier pages. Photo: Courtesy of DFRLab

According to the research, the first network consisted of seven Facebook pages that were amplifying articles published by Republika Online, Kurir, Denesen and Vistina

Vistina is a tabloid and doesn’t cover political topics. The remaining three mainly report on political issues and feature pro-VMRO-DPMNE views. All are owned by the same media holding, Adinamic Media, which is connected to Hungary’s MTV, the report said.

According to the Organized Crime and Corruption Reporting Project (OCCRP), a former senior executive at MTV, Agnes Adamik, established Adinamic Media in 2017. The company then purchased a majority of shares in three media companies in the country, mostly supporting VMRO-DPMNE.

According to some experts, these acquisitions helped Hungary’s Prime Minister, Viktor Orban, expand his and his country’s influence in the Balkans. They also supported his then ally in Macedonia, Nikola Gruevski, who obtained asylum in Hungary after fleeing a prison sentence in his home country in 2018.

The Facebook pages in this network posted almost identical articles and at the same frequency. The total number of followers of the seven pages was more than 690,000, while the official Facebook pages had less than 300,000 followers.

“This may indicate that since these outlets had not been successful in growing audiences for their official Facebook pages, they decided to create coordinated networks to amplify their content,” the researchers say.

The second network comprised 17 Facebook pages publishing content from three news outlets: Markukle, News24 and Signal. These also report political issues, but their content is not openly anti-government. 

Some publish supportive articles on Russian President Vladimir Putin, portraying him as an influential leader who upholds traditional values and helps friends in need. News24 sometimes amplified Russia Today and Sputnik videos.

As for the third network of pages, the DFRLab researchers found that the “amplifier pages … may be connected to Filip Petrovski, a right-wing presidential candidate in the 2019 North Macedonia presidential elections and a former member of VMRO-DPMNE party”.

Petrovski opposed the country’s change of name to North Macedonia and has called for the cancellation of the related Prespa agreement with Greece, signed in 2018. Petrovski also posts News24 articles on his own Facebook account.

Two pages in this network had names related to Petrovski, and their “about” sections contained details from his biography and political views.

The fourth network of Facebook assets amplified content published by two outlets, Net Medical Diet, which reports on health, and Galama. According to the research, the eight amplifier pages were managed from North Macedonia and from the US.

DFRLab also found five Facebook pages amplifying content from outlets owned by EM media, in which Adinamic Media has a majority of shares.

“Although the DFRLab was not able to identify coordination between them, there is a likelihood that EM Media was using these assets for content promotion,” the report said.

Computer Virus Stops Sarajevo Municipality Issuing Birth Certificates

Posted on by Ivana Jeremic

A Sarajevo municipality has temporarily stopped issuing birth certificates due to a computer virus that locks documents in its database for the second time in some two weeks.  

The central Centar Municipality, whose offices are next door to the Bosnian presidency building, said on its website that the problem caused by a “ransomware virus” was detected on Saturday. Such viruses typically block computer systems and their originators demand payment in exchange for removing them.  

But the municipality denied that it was the target of a hacker attack, or that the central electronic register with all birth and death certificates in Bosnia’s Federation entity was in danger of being wiped out, as the Interior Ministry of the Federation entity was quoted as saying by the media.   

“Information about a targeted attack on the IT system of the Center Municipality and the destruction of the registar and documents is not true,” the municipality said. It added the problem was reported to the police, as it was the second time in a little over two weeks that this happened.  

On May 22, the municipality reported on its website that the issue of birth, death and marriage certificates was stopped because of “an electrical problem” but added that it was soon resolved.

Bosnia lags behind with the introduction of e-government, but the Centar municipality has provided a number of services electronically. 

Insults, Leaks and Fraud: Digital Violations Thrive amid Pandemic

Posted on by Ivana Jeremic

From January 26 to May 26, BIRN collected information about 163 cases of breaches of digital rights in Bosnia and Herzegovina, Croatia, Hungary, North Macedonia, Romania and Serbia.

Sixty-eight of the cases related to the manipulation in digital environment, while 25 related to publishing falsehoods and unverified information with the intention to damage someone’s reputation.

BIRN’s monitoring of digital rights, developed together with the SHARE Foundation, has shown that ordinary people were the most affected by such violations, with members of the public being the target in 126 of the cases.

State institutions or state officials violated digital rights in a total of 37 cases, meanwhile.

States rarely addressed the abuses arising from these violations, and in 45 cases, the perpetrators were not identified, while 139 of the total of 163 cases were not resolved.

Eight cases were the result of pressure related to the publication of information, 12 were linked to insults and unfounded accusations and 11 were hate speech and discrimination.

Medical and personal data breaches featured in 18 cases, computer fraud was registered on 11 occasions, while the destruction and theft of data and programs happened in three cases.

Beyond the countries listed above, BIRN noticed an unprecedented rise of digital violations in Montenegro and Turkey, where there were arbitrary arrests and data breaches.

Hackers, data breaches and illegal processing


Infografic: BIRN

Leaked documents, fake websites and the publication of people’s personal and health data have been commonplaces during the ongoing pandemic, but the scale and consequences of the breaches and of the illegal processing of data has yet to be established.

Speculation about the number and identity of COVID-19-infected people led to the mass exposure of personal and private data on social media and messaging platforms. In some cases, the leaks were small in terms of data, but had potentially serious consequences, particularly in situations in which patients’ personal data was revealed.

The most serious cases were reported in Croatia, North Macedonia and Montenegro.

In March in Croatia, a message containing a list of infected patients was shared among people living on the island of Murter, mostly through messaging apps.

Illegal personal data processing and privacy breaches took place in North Macedonia as well. The country’s Agency for Personal Data Protection filed criminal charges against an unknown person for publishing the personal data of people living in the town of Kumanovo.

The public in Serbia became concerned when it was discovered that the login credentials for Serbia’s information system for analysis and storage of health data during the pandemic were publicly available on a health institution website for eight days.

Citizens of Montenegro suffered most from stigmatisation due to a number of leaks of COVID-19 patients’ records. The infected patients’ identities were revealed in posts on social media, sparking hate speech against them.

Individuals who were violated self-isolation measures were also targeted, and often, it was governments that were revealing their personal information.

In Bosnia’s Serb-dominated entity, Republika Srpska, authorities launched a website on which they published the names of people who did not follow the entity’s self-isolation measures. The list can still be found online.

As a measure against the spread of the coronavirus, Montenegro’s government published a list of individuals who were put in self-isolation after  returning home from abroad. The lists, structured by municipalities, include the individuals’ names, surnames, the date when they were put into isolation, and their home addresses. The list was only removed a month after it was published.

People were also targeted by hacker attacks and fraudulent messages or emails, usually trying to collect their personal information or request payments to foreign banks or crypto-currency accounts, as cybercriminals took advantage of the public concerns and confusion created by the pandemic.

Scams, phishing campaigns and cyber-attacks exploiting people’s fear of COVID-19 were most common in Croatia, Serbia, Hungary, North Macedonia and Romania. The Romanian cybersecurity giant Bitdefender said in March that such attempts at fraud “have risen by 475 per cent in March as compared to the previous month”, and were expected to keep increasing.

Threats, hate speech and discrimination


Infographic: BIRN 

While some countries limited the scope of the freedom of speech during the pandemic, some people used their online freedom to unleash threats, insults, discriminatory posts and hate campaigns.

BIRN’s overview looked at several categories of violations:

  • Hate speech and discrimination
  • Threatening content and the endangerment of security
  • Insults and unfounded accusations
  • Falsehoods and unverified information directed towards the damaging of reputations

In total, more than 15 per cent of all the cases that were monitored included one of these violations. The largest number –

This type of online behaviour was often combined with the use of fake accounts and the paid promotion of false content.

The people most commonly affected by the digital violations that were monitored were journalists, medical professionals and people in quarantine.

Discriminatory posts and acts were directed mostly towards refugees, Chinese and Jewish people, women and the Roma community, with the largest number of such cases occurring in Hungary.

Gender-based discrimination was reported in Serbia, where the victims were predominantly politically-engaged individuals and journalists who criticise the government.

Threats and calls for violence against the police in Serbia and Bosnia and Herzegovina were found on Facebook. In both cases, authorities reacted promptly and perpetrators were identified and detained. In North Macedonia two police officers were fined for having taunted and offended people on social networks.

Violations related to damaging reputation predominantly affected governments’ political opponents, independent media and journalists.

Serbia was the country with the largest number of posts aimed at damaging the reputation of independent journalists. In three of four cases of publishing falsehoods, the journalists who were targeted were women.

Journalists were also targeted in North Macedonia and Hungary.

Pressure and arrests for publishing information


Infographic: BIRN 

Due to the highly controlled media landscape and poor level of media literacy in the countries that were monitored, the public was overwhelmed with contradictory information and had much more difficulty in recognising false and misleading information during the pandemic than usual. At the same time, the public’s need for timely and proper information had never been bigger.

While the flow of information continued to grow immensely, states started to arrest citizens for posts on social media over the accusation they caused panic and unrest. Some countries imposed authoritarian regulations that limited the flow of information.

Members of the public, media representatives and politicians were arrested and fined for their writings on social media, often without any clear criteria. Journalists were arrested in Serbia, Kosovo and Turkey.

Arrests and fines have become one of the main tactics to counter fake news and violations of restrictions imposed by all governments in the states that were monitored. In Hungary, Serbia, Bosnia, Croatia and North Macedonia, top state officials warned the public that they faced immediate sanctions for spreading fake news amid the pandemic.

From conspiracy theories to false measures


Illustration: BIRN 

Out of 163 cases, the largest number, 68, were linked with the misuse or manipulation of information. They mostly concerned different fake news, the use of false identities online, the sharing of conspiracy theories, or posts classified by the authorities as causing panic and disorder.

Some of the topics that were misused in this way included:

  • Medicines that can cure the coronavirus, vaccines and laboratory tests
  • Disinfection procedures
  • Tips and advices on how to cure the coronavirus
  • The number of infected people
  • Information about infected people
  • Information on medical institutions and their work
  • The start of the virus and how it developed
  • State measures and actions that have never been declared nor taken
  • Supermarkets and food shortages
  • 5G
  • Other conspiracy theories
  • Online education and information relevant for students
  • Offensive posts and videos about quarantined citizens and about people who arrived from a foreign country
  • Disturbing announcements about the COVID-19 outbreak

In some countries, such as Serbia and Hungary, levels of media freedom are low, with mainstream media often spreading disinformation, while independent media are called fabricators of lies by the authorities.

Nearly 25 per cent of all cases of the misuse or manipulation of information were resolved in some way. The outcomes included:

  • Website or content removal by the state
  • A request for the removal of the problematic post
  • Detention or arrest of a person
  • Official statement about the incident or a public apology

In Romania, most cases in this category ended in content removal. In Serbia, Hungary and Croatia, arrest was the most common outcome.

Manipulated information, conspiracy theories and unfounded claims emerged en masse on social media platforms and news website when most of the countries introduced emergency measures.

Disinformation was most intensively distributed via YouTube, where content blamed the expansion of 5G technology for the COVID-19 outbreak, or blamed multinational companies or foreign governments for the pandemic. In Croatia, one person even destroyed WiFi equipment, thinking it was 5G infrastructure. Mentions of the alleged influence of 5G networks on the pandemic was noted in Romania and Serbia, both on news websites and on social media.

News websites in Serbia, Romania, Hungary and Croatia often published manipulative content that included false information.

April was the month with the largest number of cases reported in this category. Some  30 out of the total 68 cases of manipulations in the digital environment were registered that month.

Information circulating in April and May, which was manipulated or false, mainly referred to the curfew, the number of COVID-19 patients and tests, students’ exams, people in quarantined, 5G transmitters, enforced microchipping and the funding of religious communities. In almost all cases from this category, members of the public were ones affected.

The rise of ‘unknown’ attackers


Illustration: BIRN

In comparison to the cases of online violations reported before the COVID-19 outbreak, BIRN’s monitoring noted a significant rise in cases in which the perpetrators cannot be identified. The number of these cases increased tenfold on a monthly basis.

These unknown perpetrators have been creating Facebook pages, using the virus situation to persecute independent journalists and others, send fraudulent messages in order to destroy computer software systems or steal money, and creating fake website accounts to spread conspiracy theories or medical disinformation.

Unknown perpetrators have also been responsible for computer frauds, the destruction and theft of data and for making content unavailable using technical skills. Hungary had the most cases involving unknown perpetrators, mainly related to computer fraud.

Cases have also shown how states can be violators of digital rights and freedoms. The increased number of cases which ended in arrest or detention revealed the tendency of states to use more power than was necessary, particularly to arrest journalists and citizens for posts on social media.

From having double standards when it comes to reactions to fake news to using their authority to silence people, governments often acted against the interests of their own citizens. According to the monitoring findings, in almost 25 per cent of all cases, the state itself or a state official was described as the perpetrator of a violation of certain guaranteed rights or freedoms.

On the other hand, members of the public were the victims of violations in 126 cases.

Media regulations across the region have been tightened under states of emergency and journalists have been arrested on accusation of spreading misinformation about authorities’ responses to the spread of the coronavirus. Some countries, like Serbia, sought to centralise the dissemination of official information and banned certain media from regular briefings.

The first worrying legal initiative was noted in Croatia, where the government proposed a change to the Electronic Communications Act under which, in extraordinary situations, the health minister would ask telecommunications companies to provide data on the locations of users’ terminals. The legislative change is currently pending.

In Hungary, the Bill on Protection Against Coronavirus, giving the government almost total control of the flow of information about the pandemic, was adopted at the end of March. The Hungarian government also decided to limit the application of the EU’s General Data Protection Regulation, GDPR, and to extend the deadline for public institutions to provide data requested via freedom of information regulations from 15 to 45 days.

Romanian civil society organisations also drew attention to a lack of official transparency and the possibility of media freedoms being curbed by state-of-emergency provisions. Provisions enacted as part of the state of emergency to combat the spread of the coronavirus allowed the authorities to shut down websites that publish fake news and exempted the authorities from answering urgent inquiries from journalists. Access to a dozen websites has been blocked since then.

In North Macedonia, the media faced new procedures for the issue of work permits during coronavirus curfews. The government insisted that its pandemic measures would not affect the public’s right to information, but in practice, institutions were less responsive to freedom of information requests.

In general, there was a trend among many countries to suspend freedom of information requests.

Digital rights, and rights to privacy and freedom of expression on the internet have all faced serious limitations and breaches in South-East and Central Europe. In the semi-democracies of the region, dominated by regimes with elements of authoritarianism, there is legitimate concern about disproportionate interference in citizens’ personal data and concern that recently-imposed measures are not properly tailored to achieve their objectives while causing the least possible damage to guaranteed rights.

Many people’s lives during this period have completely shifted to the online world, where harmful behaviour usually remains unnoticed by authorities preoccupied by offline violations.

During BIRN’s monitoring period, the lack of a human rights-based approach towards people in the digital environment led to discrimination, hate speech and threats. Although protection of basic human rights and fundamental freedoms should be guaranteed on the internet in the same way as it is offline, in practice we have seen an increase in the number of cases of online violations. The forms that those violations take have been evolving as well.

A lack of knowledge and understanding of the online space, and the subsequent lack of internet governance have opened a Pandora’s Box, allowing various state institutions to arbitrarily, partially and unequally interpret people’s online behaviour.

The intense nature of the battle for control of the narrative about the coronavirus has made meaningful oversight of online life and practices, and establishing accountability for online actions, harder than ever.

To read the detailed overview of our digital rights monitoring click here. For individual cases, check our regional database, developed together with the SHARE Foundation.

Montenegro Court to Examine Publication of Self-Isolating Citizens’ Names

Posted on by Ivana Jeremic

Montenegro’s Constitutional court had agreed to examine whether the government violated the human rights of citizens ordered to self-isolate during the coronavirus by publishing their names.

On Friday it said it would consider the appeal brought by the local NGO Civil Alliance against the decision to publish the names of people undergoing self-isolation, which the alliance said violated their constitutional right to privacy.

The court will examine whether the decisions of National Coordination Body for Infectious Diseases violated constitutional rights,” the court said. 

The government published the names on March 21, despite warnings from opposition parties and civic society organizations that it risked violating constitutionally guaranteed human rights.

The government said it had to publish the list because some citizen were not respecting self-isolation obligations. It also claimed it had the approval of the Agency for Personal Data Protection. It stressed that security forces could not control every citizen who should be in self-isolation, and anyone who failed to self-isolate posed a threat to the entire community.

Prime Minister Dusko Markovic said no compromises would be made with those who violated preventative measures amid the global COVID-19 pandemic. He also warned that the government would continue to publish the names of citizens who had been ordered to self-isolate.

“The lives of our citizens are the priority. We have estimated that the right to health and life is above the right to unconditional protection of personal data,” Markovic said.

Opposition parties and the civil society sector urged the government not to publish the lists, insisting it would violate the constitutional right to privacy. They also warned that citizens whose names were published might sue the state before the court.

The Head of the EU Delegation to Montenegro, Aivo Orav, called on the authorities to find the right balance between protecting the health and respecting the confidentiality of health information and the right to privacy of citizens.

On April 8, the Prosecutor’s Office filed criminal charges against a medical staffer in the Health Centre in the capital, Podgorica, after he published the list of names of infected people and their ID numbers on social networks.

It said that the man, known only by the initials M.R., was not unauthorized to collect and use personal information on COVID-19 patients through the IDO system and forward them via Viber to other persons.

Question Marks over Slovak Quarantine App Fuel Privacy Concern

Posted on by BIRD

A lack of detail on a new smartphone app designed to help authorities in Slovakia track people in home quarantine is raising doubts about its compliance with data privacy rules and fuelling conspiracy theories.

With 28 confirmed deaths to date, Slovakia tops the chart of European countries with the lowest number of COVID-19 victims per capita, a source of pride for politicians and healthcare workers.

But the country is also one of the last in Central and Eastern Europe to introduce any kind of digital technology to help tackle the pandemic.

Last week, parliament passed a bill introducing an app to keep tabs on those in quarantine at home, after the country’s Constitutional Court halted development of a contact-tracing app that had triggered concern over the need for the mass collection of data.

The quarantine app was due to go live on May 18, but authorities postponed the launch saying more testing was needed.

Created by the Slovak IT firm Sygic, the app avoids the need for any mass collection of data, but a lack of detailed information, particularly regarding how the data will be stored and who will have access to it, has many Slovaks worried.

Data rights activists say that, while the government must do what it can to save lives, it must also be transparent in order to earn the trust of the people.

“We understand that this difficult time calls for quick and maybe non-traditional solutions, but we can’t forget the [need for] clear communication, which would dispel concerns about a possible abuse of private data,” said Andrea Cox, director of Digital Intelligence, which works to promote the protection of digital rights in Slovakia.

Last week, Slovak parliament passed a bill introducing an app to keep tabs on those in quarantine at home, after the country’s Constitutional Court halted development of a contact-tracing app that had triggered concern over the need for the mass collection of data. Photo: EPA-EFE/JUSTIN LANE

Constitution vs. public health

For the past two months, Slovaks returning to the country have had to go into state-run quarantine facilities where they are tested for the novel coronavirus and, if negative, allowed home.

But Slovakia’s government, led by Igor Matovic and his anti-establishment OLANO party, has faced widespread criticism over conditions at the facilities.

The government now says the new, voluntary app – based on face biometrics and movement data – will allow people to self-isolate at home if they would rather not enter a state-run facility.

The data will be monitored by the Slovak Public Health authority, which, under the new law, must destroy a person’s data as soon as the required quarantine period is over.

It is still not known, however, where the data that is collected will be stored and who will have access to it.

Introduction of the app follows a Constitutional Court ruling last week that suspended telecommunications legislation adopted in April and that cleared the way for the mass collection of data from smartphones, effectively slamming the brakes on development of a contact-tracing app. Judges ruled that the Telecommunications Act was not specific enough and left unclear how private data would be handled.

It lacked, they said, “necessary guarantees against the misuse of the processed private information” and means of independent oversight.

Matovic said he was confident the new home-quarantine technology would pass muster.

“I think the constitutional court decision cannot prevent us from making the quarantine stay more comfortable for people,” he told a press conference on May 14.

But data privacy advocates are unconvinced.

“It is unacceptable for apps that could affect the everyday life of Slovak citizens to not be communicated properly,” said Eliska Pirkova, Europe Policy Analyst at Access Now, an international data rights advocacy group, during an online discussion on May 15 about the erosion of data rights during the COVID-19 crisis in Slovakia.

“We all know that technologies have the power to discriminate and breach not just the right to privacy, but other rights too. This is what I see as a problem in Slovakia.”

Technology and public trust

Poor communication has created a vacuum in Slovakia filled by misinformation and conspiracy theories about a potential COVID-19 vaccine, the origin of the coronavirus and the threats to privacy proposed by new technology.

Marian Kotleba, leader of the neo-fascist People’s Party Our Slovakia, LSNS, that won eight per cent of votes in Slovakia’s February general election, has shared conspiracies about microchips being implanted into people against their will, while former Prime Minister Robert Fico, leader of SMER-SD, has accused Matovic’s government of planning to spy on people via their phone data.

According to survey conducted by the Slovak Academy of Sciences, a large majority of voters for both parties believe the coronavirus was created in a lab and deliberately disseminated, while just 40 per cent of Slovaks say they would get vaccinated against COVID-19 once a vaccine becomes available.

“Insufficient communication creates space for those who shout the loudest, although they often talk rubbish, from the absurdities about microchips and manipulations to the 5G networks,” Cox told the May 15 online discussion, referring to a conspiracy theory that 5G mobile technology helps spread the virus.

“We want to believe,” she said, “that in designing the latest technological solutions, the officials have kept in mind questions like digital exclusion or discrimination caused by the lack of internet access, or social oversight.”

Need for vigilance

As countries emerge from lockdown, the development of smartphone apps to combat the spread of COVID-19 is being watched with mounting concern by human rights organisations concerned at their potential for abuse.

“Some restrictions on people’s rights may be justifiable during a public health emergency, but people are being asked to sacrifice their privacy and turn over personal data for use by untested technologies,” Deborah Brown, senior digital rights researcher at Human Rights Watch, said last week.

“Containing the pandemic and reopening society are essential goals, but we can do this without pervasive surveillance.”

Erik Lastic, head of the political science department at the Comenius University in Bratislava, said the pandemic had only further underlined the failure of the Slovak state to keep pace with technology. For years, corruption and incompetence have stymied efforts to create an effective digital public administration system. 

“The last decade, at the least, has shown that the state is failing in the development of any information systems,” said Lastic, also taking part in the online discussion. “It would be very unrealistic to expect that the pandemic can suddenly change that.”

Lastic said it was “good” that legislation introduced to combat COVID-19 was limited to the end of 2020, but that the experience of some countries, particularly in sidestepping legal restraints in the fight against terrorism since the 9/11 attacks on the United States, showed the need for vigilance.

“It would be naïve to trust that the state would limit itself and that it wouldn’t use tools that had worked well for it once,” he said.

COVID-Related Boom Reveals Video Conferencing’s Dark Side

Posted on by Ivana Jeremic

More than ever before, because of the coronavirus outbreak, use of video conferencing is on the rise.

Whether it is attending work meetings or online seminars and conferences, or taking part in leisure activities like online fitness classes and birthday parties – video conferencing and social media apps have brought huge relief, and a sense of continuity, to people feeling trapped inside their homes by government-imposed lockdowns.

However, while the coronavirus wreaks havoc outside, this time of increased online activities has also generated growing challenges. While some of the most popular video conferencing and video sharing apps, such as Zoom, Houseparty, and TikTok, have seen record-breaking growth in the numbers of users, the apps have also faced serious data breaches and other cybersecurity-related issues.

Cybersecurity experts say that while use of the apps has clearly reduced the risk of people getting infected with the virus by going outside, the same isn’t true for other viral problems, talking about cyberspace.

“Disclosure of personal data, recording sensitive information, or storing people’s profiles on unauthorized servers are some of the risks that go hand in hand with the use of video-conferencing tools,” says Skopje-based cybersecurity practitioner Daniel Trenchov.

“Greater use of virtual telecommunication tools does eliminate pandemic-induced risks,” he adds, “but not necessarily cybersecurity ones.”

Zoom ‘bombing’ is on the rise:


Illustration. Photo: EFE/MATTIA SEDDA

Last Friday, Michael Oghia, a Belgrade-based internet governance consultant, was getting ready for his weekly Zoom conference call with colleagues all over the world.

Usually, the group uses these meetings to chat and discuss ongoing social developments. This time, however, they experienced something more unpleasant.

“Around 45 minutes into the event, when one of the speakers went to share his screen, all of a sudden a child pornography video appeared. Once I realized what was happening, I immediately shut my laptop out of shock,” Oghia said.

“I couldn’t believe it. For a moment I thought that maybe it didn’t even happen. Then re-entered the Zoom call and wanted to see if the others had experienced it. Around 15 or 20 minutes later, another Zoom-bombing happened – again child porn. It was absolutely vile,” Oghia told BIRN.

“Zoom-bombing” incidents like this have become a regular occurrence for those using the app lately. In the last few months, since the coronavirus outbreak started, the app has seen the number of daily users increase hugely from 10 millio to 300 million.

After the incident, Oghia contacted Zoom to report what had happened. The company replied that it would investigate.

“Zoom-bombing is on the rise, and in this particular case, I’ve heard of multiple instances over the past few days of it happening (one group was the UK-based Open Rights Group, for instance),” Oghia explained.

“There will always be issues with safety concerns, but this is no excuse. I’ve used Zoom for years, and the ease of using the platform and the features it has have made video-conferencing easier. But they need to do an even better job at ensuring their privacy and making sure the security features are clear and easy to use.”

The incident prompted Oghia and his colleagues to prepare a short “zoom-bombing” prevention and resources guide to help others that are using Zoom and other video conferencing software.

In its latest statement, Zoom said that it would release an improved version of the app, addressing security concerns about phemonena like “bombing”, while also having upgraded encryption features.

More education in safe use of apps needed:


Illustration. Photo: EPA-EFE/AMEL PAIN

When it comes to the security of video-conferencing apps, several factors are crucial, cybersecurity experts explain. One is having a proper education in the safe use of these social tools.

“These apps have a very useful role and that is why their use should not be avoided, but it is necessary to educate ourselves more, to provide the highest possible protection,” a Skopje-based personal data protection expert, Ljubica Pendaroska, told BIRN.

It is essential to note that not every app is designed for use at home. Zoom was designed for use by large businesses with in-house IT specialists who would set up and control the software when using it, Pendaroska explained.

Now, especially during lockdowns, while Zoom is still mostly used for business purposes, people are using it more for family events such as birthdays, or even wedding celebrations.

“Potential hazards also come from the fact that these apps detect and remove issues most often on the go, or as they occur,” she said.

“What’s particularly concerning is that most of these tools are not encrypted by end-user to end-user, which increases the possibility of so-called ‘interception’ of communications by unwanted and malicious participants,” she added.

Houseparty, another popular video conferencing app, has also faced intense security scrutiny over the last months.

The app is popular with teenagers and youngsters who use it to play various group games, giving it a more fun-based approach compared to other apps. At the same time, these groups are potentially vulnerable to various security issues that can arise.

“There are also apps, for example like Houseparty, where to make it easier to find friends, you can connect your account with phone contacts and social media accounts,” Pendaroska noted. “This enormously increases the potential danger not only for your safety but also for the safety of all these contacts,” she added.

“There could be hacker attacks; during the meeting, the administrator can see details such as the operating system, IP address and location data of each of the participants; also, uninvited users in the communication, if the password is not authenticated, could use the conversation to spread malicious links or send files,” she explained.

Espionage concerns linked to China: 


Illustration. Photo: Pxhere

TikTok, a Chinese video-sharing social network, is increasingly popular in the Balkans, especially among teenagers who post various challenges to each other, such as dance-offs, sing-offs and so on.

But in some parts of the world, there are initiatives to ban it. In the US, lawmakers have introduced a bill to the Senate, which cites the company’s connection to the Chinese government, saying its potential collection of data from US citizens represents a security risk to the US.

Global cybersecurity companies have also identified many security vulnerabilities in the app that could allow malicious actors to manipulate its content and reveal the personal data of its users.

Cybersecurity experts say one way that tech companies could deal with such security risks and the consequences for their users is by having transparency reports.

“This could also include independent security audits of their code looking for weaknesses and flaws – akin to what Microsoft and Apple do with their operating systems, or what Google does with its “bug bounty” program,” Oghia suggested.

When it comes to the users themselves, the best prevention is to know not only what these apps bring to the table, but just as importantly, what their software solutions and vulnerabilities are.

Research by Picodi.com, an international e-commerce platform, says interest in video messaging clients has increased by seven times since the coronavirus restrictions were introduced in many European countries.

WhatsApp was the most frequently searched messaging app in 22 European countries. It is also a favourite app in the Czech Republic, Albania, Romania and Turkey.

Worldwide interest in the Zoom video app is skyrocketing, in Europe as well, with it being the most popular app in 14 countries, including Moldova, North Macedonia and Slovenia.

Besides WhatsApp and Zoom, people were massively using Skype – in Hungary, Poland, Slovakia and Greece, Viber – in Bosnia and Herzegovina and Montenegro, and Microsoft teams – in Croatia and Bulgaria.

Picodi.com analyzed the average number of online search queries of 19 messaging clients which enable video chatting.

A Password Pandemic. How Did a COVID-19 Password End Up Online?

Posted on by BIRD

The Covid – 19 Information System is a centralized software for collecting, analyzing and storing data on all persons monitored for the purpose of controlling and suppressing the pandemic in Serbia.

A SHARE Foundation screen shot of instructions on how to enter the database, which includes how employees were told that they can log in their shifts in the COVID-19 infirmary. Password and user names were also made public.

How did we get this data?

Along with the state of emergency, the Government of Serbia introduced numerous measures to tackle the pandemic, which included collecting and processing personal data in the unprecedent circumstances.

The Government also informed citizens about these measures by rendering unclear and undetailed conclusions,  none of which specified who was supposed to process the citizens’ data and how.

In an effort to understand the data flow and implications on citizens’ rights, we explored the new normative framework through publicly available sources. By searching keywords on Google, we accidentally discovered the page containing access information for the COVID-19 Information System. The data was published on the 9th of April.

In addition, we also managed to obtain manuals with instructions for navigating the centralised system webpage.

Which data was at risk?

As per Government’s Conclusion on establishing the Covid-19 Information System, a significant number of health institutions is required to use the mentioned software to keep records on cured, deceased and tested persons (whether positive or negative), as well as on persons currently being treated, in self-isolation or put in temporary hospitals, including their location data. This system also contains data on persons who are possible disease-carriers due to their contact with other infected persons. The institutions are required to provide daily data updates, as it’s the basis of the the diurnal 15 o’clock report read.

While attempting to clarify how our data is being stored, we could not have imagined that we would discover the access password and thus be able to enter the system – just as anyone else who may have found this webpage. It was immediately clear to us that the most sensitive citizens’ data were endangered and that the crucially important integrity of the system cannot be guaranteed in the fight against the pandemic.

We did not log into the system, which would anyway record such an attempt. Instead, we reported the case to competent authorities: the Commissioner for Information of Public Importance and Personal Data Protection, the National CERT and the Ministry of Trade, Tourism and Telecommunications.

Being aware of the risk of misuse arising with the accessibility of citizens’ sensitive data, we have decided to notify the public of the incident only after making sure that the authorities had prevented unauthorized access to the system.

A SHARE Foundation screen shot of an email sent to competent authorities: the Commissioner for Information of Public Importance and Personal Data Protection, Ministry of Trade, Tourism and Telecommunications and National CERT. SHARE urged the authorities to act in accordance with their rules and to appropriately inform them on the action.

How did the competent bodies react?

Less than an hour following our report, we were informed that the initial steps were taken as a response to the incident, making sure that the web page containing the username and the password is no longer publicly available.

Given the scope of the case, we may expect further action from the competent bodies. The Commissioner has the authority to initiate monitoring in line with the Law on Personal Data Protection, the competent ministry is in charge of the inspection monitoring in line with the Law on Information Security, whereas the National CERT has the  obligation to provide advice and recommendations in case of an incident.

Who’s to blame?

Aware of the pressure put on health services at the peak of the pandemic, we agreed that, for now, it would be appropriate not to publish the information on the specific health institution in which the incident took place. On the other hand, there is no doubt that the scale of this incident demands that the responsibility for its occurrence is properly determined.

The national legislative framework provides various mechanisms to prevent these kinds of situations, but the occurrences in practice are often far from the prescribed standards. Although they handle particularly sensitive data, health workers are often unaware of all possible risks present in the digital era. Health institutions are required to appoint a data protection officer, but due to limited resources, persons with insufficient expertise and unrelated primary job concerns are usually appointed to this position. In this specific case, the data protection officer may have been a person who takes care of corona-infected persons on a daily basis.

As today’s data protection demands the involvement of an IT expert, this requirement causes an additional burden to the public health institutions’ budget. Sometimes this means that the same person deals with all technical issues within an institution, while being paid far less than their private sector counterparts and without the opportunity to build further information security expertise.

Covid-19 Information System established by the Government represents a key point in a complex architecture for collecting and processing all defined data. Data collection occurs through different channels, while a single health institution is only a one system entrance point. In such a system, it is rather difficult to implement protection measures at entrance point level, meaning they should be defined at the central level as it would significantly lower the risk of incidents. Based on this case, we have concluded that only one user account was created for each of the health institutions, which does not enable determining individual responsibility for the system misuse.

What should have been done?

Without doubt, this is an ICT system of a special importance within which special categories of personal data are being processed. As such, it implies the necessity to undertake all measures stipulated by the Law on Information Security and the Law on Personal Data Protection in phases of its development and implementation. SHARE Foundation explored these measures to a great detail in its Guidebook on Personal Data Protection and Guidebook on ICT Systems of Special Importance .

By any means, it is necessary to fully implement privacy by design and security by design principles, which entail the following regarding the access to a system:

  • Every system user has their own access account
  • Every system user has the authorisation to process only the data necessary for their line of work
  • Access passwords are not published via an open network
  • A standard on password complexity is put in place
  • The number of incorrect password entries is limited

Our accidental discovery on Google revealed a breach of security and data protection standards within the health system. The state of emergency instituted due to pandemic cannot serve as an excuse for a job poorly done, nor can it serve as an obstacle for conducting an immediate detailed analyses of compliance of Covid-19 Information system with security standards.

North Macedonia Leads Region in COVID-19 Tracing App

Posted on by Ivana Jeremic

North Macedonia has become the first country in the Western Balkans to launch a contact-tracing app to tackle the spread of COVID-19, with the government at pains to stress user data will be protected.

StopKorona! went live on April 13 as a Bluetooth-based smartphone app that warns users if they have come into contact with someone who has tested positive for the novel coronavirus, based on the distance between their mobile devices.

The app, downloaded more than 5,000 times on its first day, was developed and donated to the Macedonian authorities by Skopje-based software company Nextsense.

States are increasingly looking at digital solutions to control the spread of COVID-19 as they move to open up their economies while limiting the burden on their health services. The European Union and data protection campaigners, however, have voiced concern over the threat such technology poses to individual privacy.

Presenting the app, Health Minister Venko Filipce said North Macedonia was looking to use “all tools and possibilities” to combat a disease that, as of April 15, had killed 44 people.

Information Society Minister Damjan Manchevski said all data would be securely stored.

“This data is recorded on a secure server of the Ministry of Health,” Manchevski said at the launch. “And no other user has access to mobile numbers, nor is there any data stored about the owner of the number.”

If a person tests positive for COVID-19, they can “voluntarily” submit their data to the Ministry of Health, Manchevski said, enabling the app to warn other users if they come into contact with that person.

Data privacy concerns linger


Macedonian Minister of Health Venko Filipce accompanied by Prime Minister Oliver Spasovski in Skopje, Republic of North Macedonia, 2020. Photo: EPA-EFE/NAKE BATEV

China, Singapore, Israel and Russia are among a number of countries that have developed their own coronavirus mobile tracking apps, mainly using Bluetooth, GPS, cellular location tracking and QR codes. The Chinese government app colour codes citizens according to risk level.

The technology, however, has set alarm bells ringing among data protection campaigners and rights organisations concerned about the threat posed by mass surveillance and loosening of data protection laws.

Nextsense director Vasko Kronevski, however, said his firm’s StopKorona! app adhered to all legal requirements.

“This is a mobile app made by following best practices around the world in dealing with the coronavirus,” he said. “It guarantees the complete protection of users’ privacy.”

“The success will depend on the mass use of the application. It is important to emphasise that we used global experiences from different countries.”

One of those examples is Singapore’s TraceTogether app, which helped the Asian country successfully contain the COVID-19 outbreak within its borders while, unlike most countries, keeping businesses and schools open.

According to data privacy experts, the decentralized design of North Macedonia’s app guarantees that data will only be stored on those devices that run it, unless they voluntarily submit it to the ministry.

“The key part is that the citizen maintains full control over their data until the moment they decide to send it to the Ministry after being diagnosed,” said Danilo Krivokapic, director of the Serbia-based digital rights watchdog SHARE Foundation.

“Additionally, all data stored on the phone is being deleted after 14 days,” he told BIRN. “In that context, the app is in line with the legislation that covers Data Protection.”

Krivokapic stressed that once data is shared with the authorities, the Ministry and all data users are obliged to respect the legal framework regarding privacy and data protection.

EU countries warming up to digital solutions


People wearing face masks in Skopje, Republic of North Macedonia, 2020. Photo: EPA-EFE/GEORGI LICOVSKI

France and Germany are reported to be working on similar contact-tracing apps, while Poland has made the biggest progress within the EU.

Polish authorities have already launched a smartphone app for those in quarantine and are now working on another, similar to StopKorona!

The first app was mandatory for people in quarantine, meaning that they had to upload selfies so the authorities could track their exact location.

According to Krzysztof Izdebski, policy director at ePanstwo Foundation, a Poland-based NGO that promotes transparency and open data, the coronavirus pandemic has already posed significant threats to privacy, with governments deploying technologies primarily created for the surveillance of their citizens.

With the second app, the Bluetooth-based ProteGO, authorities have published the app’s source code online, to get feedback and opinions from IT experts before implementing it.

So ProteGO, said Izdebski, is an example of an app that is trying to meet privacy requirements.

“The data is stored on personal devices for up to two weeks, and only if the user is sick and agrees to share data with respective authorities, they are being sent to the server – without information on the location,” Izdebski told BIRN.

And while digital solutions such as these could become a game-changer in containing the outbreak, experts note that success still depends on how many people are willing to use them.

“For the technical solution to have some results, a substantial number of citizens need to run the apps and to decide to share their data in case they are diagnosed,” said SHARE Foundation’s Krivokapic. “This way, the app can serve its purpose.”

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now