On 31 March 2020, the EMR published an article in the European Data Protection Law (EDPL), which deals with the way in which the data protection authorities of the Member States, the European Data Protection Board (EDPB) and the European Data Protection Officer (EDPS) deal with data protection issues that currently arise in light of the measures to contain and combat the spread of the coronavirus. The contribution is available open access on the EDPL website.
The author Christina Etteldorf, research associate at the EMR, analyses the guidelines, FAQs and communications issued by the data protection authorities of the EU27 Member States as well as the EDPB and the EDPS on the processing of personal data in connection with the coronavirus and then goes into more detail on the individual focus areas that can be identified. For example, the tracking of location data of people who are proven to be infected with the virus plays a role in combating the spread of the virus. In addition, the data protection authorities have expressed their views on the possibilities and limits of the processing and transfer of (health) data by authorities and employers. Data protection implications for home office work and (unsolicited) governmental contact with citizens via electronic means of communication are also dealt with.
Both similarities and differences within the various approaches of the authorities are revealed. While, for example, the permissibility of measuring the body temperature of employees by the employer (in order to be able to infer a possible infection) is firmly rejected in France against the background of data protection principles, the Greek supervisory authority sees this as less strict and visitors and employees of the Bulgarian data protection authority even had to undergo such control measures themselves. According to the author, this poses certain risks for a consistent application of data protection law within the EU. Moreover, some of the statements show that data protection is sometimes viewed less strictly against the background of the current situation. Even if a higher priority is given to health protection, this should not lead to a lowering of the level of data protection, as it is often difficult to reverse routines once they have become routine.
The article examines the opinions published up to 30 March 2020, and an update will be published in the next issue of EDPL (2/2020), expected to appear in June, which will also take a look beyond the borders of the EU.
The article can be viewed and/or downloaded here:
Info on EDPL: The European Data Protection Law Review (EDPL) provides a practical and intellectual forum to discuss, comment, and review all issues raised by the development and implementation of data protection law and policy in the EU Member States. The journal reports on key legislative developments and addresses relevant legal, regulatory, and administrative progresses in EU Member States and institutions. Important judgments that shape the interpretation and application of the EU law in this field are indentified and analysed, particularly judgments by the European Courts, international courts and tribunals such as the WTO’s Dispute Settlement Body, and higher national courts. Furthermore, contributors address relevant legal, regulatory and administrative developments in EU Member States that shape the practical implementation of European law in this field.