Data As a Weapon To Fight Covid-19
Table of contents
Although there has been an increase in gun sales according to the BBC, those looking to stay safe should use different means. The race is on for app based technology to help ease the spread of the novel corona virus from reaching unprecedented global infection rates.
Countries such as Singapore and China have released technological applications in order to aid in contact tracing efforts, by enabling contact tracers to inform users who are close contacts of COVID-19 cases “more quickly” through the use apps such as TraceTogether. “All means will be used to fight the spread of the coronavirus,” Israeli Prime Minister Benjamin Netanyahu said on March 14, “including technological means, digital means, and other means that until today I have refrained from using among the civilian population”. In China, draconian surveillance measures are being put in place. Yet the big question remains, is this within the realm of data protection and will such measures extend to other nations?
Last week, the Italian Government published a Decree in the Official Journal (No 14/2020) which establishes a specific legal framework for the collection and sharing of personal data related to health by public health authorities and by companies that are part of the national health system, such as any type of health app accepted by an insurance provider. This is valid for the duration of the state of emergency related to COVID-19, which went into effect in on the 31st of January.
Wanting to hear what people have to say in regards to using health data as a weapon, Usercentrics conducted a nationwide survey to determine just how eager people in Germany were to give up personal data for the fight to eradicate COVID-19. With over 80 percent of respondents saying they would, (Survey) it is clear that mindsets are shifting and that Germany might be one step closer.
Zooming into GDPR regulations, Recital 46 specifically refers to the lawfulness of the following type of processing namely, 1) “including for monitoring epidemics and their spread”. According to research gathered from the Future of Privacy Forum, there are provisions in both Article 6 GDPR (the general lawful grounds for processing personal data), and Article 9 (the prohibition to process sensitive data and the exceptional circumstances in which they can be processed) that allow for collection, use and necessary sharing of personal data related to health in the context of an epidemic.
Will this hold for Germany as well? One thing is clear, the current GDPR regulations still require full consent in order to utilise any form of personal data, and while Italy may have accepted this decree, Germany has not yet amended the EU wide GDPR legal framework. In the battle against COVID-19, privacy remains as relevant as ever.