Confusion around GDPR during coronavirus prompts EDPB response

Governments, public and private organisations throughout Europe are taking measures to contain and mitigate COVID-19. This can involve the processing of different types of personal data. As the current pandemic has spread throughout Europe, data protection authorities have faced questions about how far employers and other organizations can go in terms of asking people personal and medical-related information to protect the rest of the public at large.

Despite the fact the European Union has one single, overarching piece of stringent data privacy legislation – the General Data Protection Regulation (GDPR) – several of the 28 EU member states have taken views that are not wholly consistent with the rest of the package. As a result, the European Data Protection Board (EDPB), the body that ensures privacy legislation is applied evenly across the European Union, released last Friday a statement to clarify how personal data could be processed by companies during the ongoing global emergency.

Find the EDPB’s released statement here:

https://edpb.europa.eu/our-work-tools/our-documents/other/statement-processing-personal-data-context-covid-19-outbreak_en

and a summary with the previous views of some national data protection agencies here: https://www.complianceweek.com/data-privacy/confusion-around-gdpr-during-coronavirus-prompts-edpb-response/28645.article

Categories