DPIA

Some examples of DPIAsโ€ฆ

DPIA for Australia's COVIDSafe app (derived from SIngaporeโ€™s Trace Together - not GAEN)
https://www.health.gov.au/sites/default/files/documents/2020/04/covidsafe-application-privacy-impact-assessment-covidsafe-application-privacy-impact-assessment.pdf

DPIA for Irish App (GAEN)
covidtracker-documentation/documentation/privacy/Data Protection Impact Assessment for the COVID Tracker App - 26.06.2020.pdf at master ยท HSEIreland/covidtracker-documentation

DPIA for German App (in German)
https://www.coronawarn.app/assets/documents/cwa-datenschutz-folgenabschaetzung.pdf

(also 5 annexes which are linked from here:ย GitHub - corona-warn-app/cwa-documentation: Project overview, general documentation, and white papers. The CWA development ends on May 31, 2023. You still can warn other users until April 30, 2023. More information: )

This is also interesting: a generic DPIA for GAEN apps (plus some comments about centralized Bluetooth Apps as well)
https://www.researchgate.net/project/Data-Protection-Impact-Assessment-for-COVID-19-Contact-Tracing-Apps
(download here:ย https://www.fiff.de/dsfa-corona)

Sectiond 7 & 8 have an extensive discussion of potential privacy risks, and mitigations that the authors believe are necessary when deploying any Bluetooth DCT app.

ย