Authors
Paul Voigt

Paul Voigt, Lic. en Derecho, CIPP/E

Partner

Read More
Wiebke Reuter

Wiebke Reuter, LL.M.

Associate

Read More
Authors
Paul Voigt

Paul Voigt, Lic. en Derecho, CIPP/E

Partner

Read More
Wiebke Reuter

Wiebke Reuter, LL.M.

Associate

Read More

17 March 2020

Opinions of the European supervisory authorities: Data protection and COVID-19

Since the WHO declared COVID-19 (Corona) a pandemic on 11.03.2020, the political measures to contain the virus have intensified across all countries. Employers are facing the dilemma of having to maintain normal business operations on the one hand, while at the same time complying with their duty of care towards their employees. In order to minimize the risk of infection within their business premises, they depend on additional information. Which employee has recently been in an area that is deemed risky? Do some employees already have the first disease related symptoms? Has any of my employees been confirmed carrying COVID-19? How do I communicate a COVID-19 case within my company? May I disclose names? As these questions concern personal data, the data protection regulations of the GDPR apply. Processing data is made even more difficult as health data (i.e. special categories of personal data within the meaning of Art. 9 (1) GDPR) are affected. Such data may only be processed under strict conditions. According to a statement of the EDPB*, the GDPR does not hinder measures taken in the fight against COVID-19. Despite these “exceptional times”, the protection of the data subjects’ personal data must be ensured. The personal data of some employees may be processed – even without their consent – in accordance with Articles 6 and 9 GDPR either to comply with legal obligations or to protect vital interests.

In the last few days, the first European supervisory authorities have published statements on the issue of "Data protection and COVID-19".

For a preliminary overview, we have compiled for you the rough positions of the individual supervisory authorities:
Opinions of the European supervisory authorities: Data protection and COVID-19

We have compiled on our website comprehensive information and recommendations for action in response to the legal implications arising from the coronavirus pandemic: Coronavirus - legal issues

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

GDPR

GDPR fines: enforcement practice of the European supervisory authorities

4 May 2020

by Paul Voigt, Lic. en Derecho, CIPP/E and Rita Danz, Maître en droit

Click here to find out more
Information technology

ISTG 2021: New regulation on online gambling in Germany will enter into force July 2021

22 April 2020

by Paul Voigt, Lic. en Derecho, CIPP/E and Wiebke Reuter, LL.M.

Click here to find out more
Information technology

Federal Administrative Court Darmstadt suspends sports betting licensing proceedings

17 April 2020

by Paul Voigt, Lic. en Derecho, CIPP/E and Wiebke Reuter, LL.M.

Click here to find out more