Mainz police investigated illegally with data from the Luca app

The Mainz police have used data from the system behind the Luca app for an investigation into a fall resulting in death in the old town of the state capital without any legal basis. The SWR reports this with reference to its own research. The public prosecutor’s office has now admitted to the misuse of the personal information that is collected for the pursuit of contact persons of infected people and apologized for the actions of the investigators.

, “mpos”: [“understitial”,”top”], “themenhub”: “yes”} “type=” gpt “unit=” / 6514 / www.heise.de / newsticker / news-security “width=” 300 “>

Witnesses wanted

The investigators identified according to the report with the help of the data query visitors to a restaurant in downtown Mainz wanted to win them as possible witnesses for the tragic event, in which a guest of the economy apparently fell at the end of November and later succumbed to his injuries. A senior employee of the restaurant confirmed to the broadcaster that officials of the Mainz criminal police were actively looking for data after the incident the Luca system.

Later she received a request from the Mainz health department via the Luca app for data release regarding the guests present on November 29, the landlady reported A person concerned confirmed that he had been contacted by the police on December 20 with the notice ice that his contact details were obtained via the Luca app.

“Incorrect assessment” of the legal text

Prosecutors may access information from the controversial Luca system , which is used in many public institutions to register visitors, usually due to Paragraph 28a of the Federal Infection Protection Act for data protection reasons do not access. The state government of Rhineland-Palatinate also declares on its website that the Luca -App obtained data may not be used for “other purposes” beyond contact tracking for health protection. This also prescribes Paragraph 1 of the state’s Corona Control Ordinance.

The Mainz public prosecutor’s office has now confirmed the data query in connection with the case to the SWR. A total of 21 potential witnesses were found and called. This was agreed with the responsible police authority and was due to an incorrect assessment of the Infection Protection Act. In fact, there was “no sufficient legal basis” for the action. The official data protection officer has already been informed and the intention is to also inform the state data protection officer. It is ensured that the data obtained is no longer used. When investigating investigative procedures, no further relevant processes have become known.

Health authorities have “simulated an infection case”

The makers of the Luca app condemn, according to a statement on Friday “this misuse of the data collected for infection protection”. At the same time, they welcomed the announcement by the public prosecutor’s office to “sensitize” criminal prosecutors to the legal situation. They themselves would have “had no knowledge of the incident”.

According to Luca, the information can only be provided “if the respective health department and the respective company give their consent at the same time in the event of an infection and use their individual keys to decrypt the data “. In this case the Mainz health authority “simulated a case of infection and obtained the consent of the company to provide the data” at pressure or at the request of the police. According to the app, the system’s operators receive inquiries from the police and public prosecutor’s office “almost every day”. These would always be answered with the note “that we cannot deliver any data because we have no technical access to it due to the encryption concept”. When the Luca system did not yet exist, the police in several federal states also had access to personal data from Corona guest lists from restaurants, Cafes and hotels accessed . Bavarian law enforcement officers even took action against petty crime . At that time the legal situation was still unclear.

( tiw )