Data Protection under SARS-CoV-2: Difference between revisions

From GDPRhub
No edit summary
No edit summary
Line 5: Line 5:
Regardless of the exceptional situation, data processing in connection with measures against the Corona-Pandemic have to comly with the principles of data processing as lined out in [[Article 5 GDPR]]:
Regardless of the exceptional situation, data processing in connection with measures against the Corona-Pandemic have to comly with the principles of data processing as lined out in [[Article 5 GDPR]]:


'''Principle of lawfulness, fairness and transparency:''' Data processing must be lawful under Article 6 and/or Article 9 GDPR. Some member states have already passed laws that deal with the Corona-Virus which must be taken into consideration when assessing the lawfulness of the processing. See below for more information. Furthermore processing must be fair and transparant. This inludes i.a. that data subjects' whose data is being processed for purposes of fighting the Corona-Virus must be informed under Article 13 or 14 GDPR once their data has been obtained.
'''Principle of lawfulness, fairness and transparency:''' Data processing must be lawful under [[Article 6 GDPR]] and/or [[Article 9 GDPR]]. Some member states have already passed laws that deal with the Corona-Virus which must be taken into consideration when assessing the lawfulness of the processing. See below for more information. Furthermore processing must be fair and transparent. This includes i.e. that data subjects whose data is being processed for purposes of fighting the Corona-Virus must be informed under [[Article 13 GDPR]] or [[Article 14 GDPR]] once their data has been obtained.


To be continued.
To be continued.
Line 16: Line 16:


==DPA Guidelines==
==DPA Guidelines==
In the context of the Corona pandemic, the EU/EEA Data protection authorities released guidelines on the processing of sensitive data. You can have a look at the list below. Feel free to edit it!
In the context of the Corona pandemic, the EU/EEA Data protection authorities released guidelines on the processing of personal data. You can have a look at the list below. Feel free to edit it!


===Austria===
===Austria===
Line 31: Line 31:


===Germany===
===Germany===
The Data protection authority (the BfDi) issued guidelines [https://www.bfdi.bund.de/SiteGlobals/Modules/Buehne/DE/Startseite/Pressemitteilung_Link/HP_Text_Pressemitteilung.html here], as well as the DPA of Bradenburg, see [https://www.lda.brandenburg.de/cms/detail.php/bb1.c.661589.de?highlight=dsgvo here].
The Federal Data protection authority (the BfDi) issued guidelines [https://www.bfdi.bund.de/SiteGlobals/Modules/Buehne/DE/Startseite/Pressemitteilung_Link/HP_Text_Pressemitteilung.html here], as well as the DPA of Bradenburg, see [https://www.lda.brandenburg.de/cms/detail.php/bb1.c.661589.de?highlight=dsgvo here].


===Greece===
===Greece===
The Data protection authority (the HDPA) issued guidelines [https://www.dpa.gr/APDPXPortlets/htdocs/documentSDisplay.jsp?docid=163,39,44,101,194,223,3,99&fbclid=IwAR3qWYkFEOzklsGPXi70w36D2D-cbv9VCCiqMvluMOa8DJEMldZKxcbKQL8 here].  
The Data protection authority (the HDPA) issued guidelines [https://www.dpa.gr/APDPXPortlets/htdocs/documentSDisplay.jsp?docid=163,39,44,101,194,223,3,99&fbclid=IwAR3qWYkFEOzklsGPXi70w36D2D-cbv9VCCiqMvluMOa8DJEMldZKxcbKQL8 here].  


===Hungary===  
===Hungary===  

Revision as of 16:59, 18 March 2020

General Comments

The sudden and unexpeceted outbreak of cases of COVID-19-Afflictions ("Corona-Virus"), which was declared a pandemic by the WHO has also resulted in extensive data processing activities by EU member states and private companies. This processing activities focus on preventing/slowing the further the spreading of the Corona-Virus and on monitoring the citizen's abidance with governmental measures such as quarantine.

Article 5 Principles

Regardless of the exceptional situation, data processing in connection with measures against the Corona-Pandemic have to comly with the principles of data processing as lined out in Article 5 GDPR:

Principle of lawfulness, fairness and transparency: Data processing must be lawful under Article 6 GDPR and/or Article 9 GDPR. Some member states have already passed laws that deal with the Corona-Virus which must be taken into consideration when assessing the lawfulness of the processing. See below for more information. Furthermore processing must be fair and transparent. This includes i.e. that data subjects whose data is being processed for purposes of fighting the Corona-Virus must be informed under Article 13 GDPR or Article 14 GDPR once their data has been obtained.

To be continued.

Legal Basis under Article 6

To be added soon...

Legal Basis under Article 9

To be added soon...

DPA Guidelines

In the context of the Corona pandemic, the EU/EEA Data protection authorities released guidelines on the processing of personal data. You can have a look at the list below. Feel free to edit it!

Austria

The Data protection authority (the DSB) issued guidelines here.

Denmark

The Data protection authority (the Datatilsynet) issued guidelines here.

Estonia

The Data protection authority (the AKI) issued guidelines here.

France

The Data protection authority (the CNIL) issued guidelines here.

Germany

The Federal Data protection authority (the BfDi) issued guidelines here, as well as the DPA of Bradenburg, see here.

Greece

The Data protection authority (the HDPA) issued guidelines here.

Hungary

The Data protection authority (the NAIH) issued guidelines here.

Iceland

The Data protection authority (the Persónuvernd) issued guidelines here.

Ireland

The Data protection authority (the DPC) issued guidelines here.

Luxembourg

The Data protection authority (the CNPD) issued guidelines here.

The Netherlands

The Data protection authority (the AP) issued guidelines here.

Norway

The Data protection authority (the Datatilsynet) issued guidelines here.

Slovenia

The Data protection authority (the IP) issued guidelines here.

Sweden

The Data protection authority (the Datainspektionen) issued guidelines here.

The UK

The Data protection authority (the ICO) issued guidelines here.

EDPB

The EDPB issued a statement here.