As lockdowns ease across the world, public authorities and private companies are looking to roll out contact tracing apps that notify people where they have been in proximity to someone with COVID-19 or its symptoms. Some of these technologies are well-publicised, especially at the public authority level – and in the private sector, the market has been estimated at US$4 billion. Contact tracing is a long-established public health action.
Despite pragmatic and helpful noises from regulators like the UK Information Commissioner’s Office recognising that organisations may see the need to process health data for contact tracing and other coronavirus-related risk management measures, European regulators are very clear that the GDPR still applies in the pandemic. When using new kinds of data in new ways like this, organisations need to apply the governance principle at the heart of GDPR. Guidance from the various regulators do not always align, so a patchwork of approaches across Europe (let alone looking beyond) needs to be managed.
Read the full article first published in Global Data Review on 5 June 2020.
