Relevant given the recent release of the Australian app. The EU have been generally pro-privacy for some time and the list of safeguards they mandate seem to be fairly reasonable and balanced upon protecting the individual and doing the job it needs to do.
The problem with the conversation at present on the Australian app is that it is using a number of keywords such as encryption and privacy impact assessment; both of which can have significantly varying degrees of efficacy neither of which are explained in any real detail. There is also a high reliance on legislative protections. As we have seen in the recent past with metadata retention, legislative protections are not always the best solution.
https://www.theregister.co.uk/2020/04/17/european_contact_tracing_app_spec/