Why data protection is not an inhibitor in the fight against COVID-19
19 Mar 2020 03:43 PM
The clear message from Data Protection Authorities is that the data protection community stands ready to support the fight against COVID-19.
Right now, data is at the heart of the fight against the spread of COVID-19. Since the outbreak of the coronavirus around the world data has quickly become a vital tool in the race to predict, prevent and protect the public from the virus. Data modelling, analytics and visualisation tools are turning data into vital information that officials can use to help identify and respond to the number, location and spread of coronavirus cases and make decisions to keep us safe. The need and importance of collecting and sharing data that officials and medical experts need quickly is clear. This week techUK spoke to the UK’s Information Commissioner Elizabeth Denham who was absolutely clear that data protection compliance issues should not and need not come in the way of the fight against COVID-19.
To this point the Information Commissioner's Office (ICO) has produced some very useful guidance for Data Controllers on what they need to know in relation to COVID-19. This guidance includes information for healthcare organisation on contacting individuals in relation to COVID-19 without having prior consent and sharing health information with public authorities. The message is that data protection will not stop the sharing of information quickly or prevent companies from adapting the way they work but it is about “being proportionate”. The ICO has followed this advice for Data Controllers by also sharing advice and information for individuals on what COVID-19 means for personal data.
From the ICO’s first statement on COVID-19 on 12 March it has made it clear that, as the regulator for data protection laws, they will continue to follow a pragmatic approach and “take into account the compelling public interest in the current health emergency”. The Secretary of State for Health and Social Care Matt Hancock reflected this view by stating that “GDPR does not inhibit use of data for coronavirus response” where there is a “overwhelming” public interest.
This approach has been echoed by a number of global data protection authorities in a COVID-19 statement by the Global Privacy Assembly (GPA) which is currently chaired by the UK’s Information Commissioner Elizabeth Denham and is made up of more than 130 data protection and privacy authorities. In its statement the GPA outline the importance of coordination between national and global organisations and governments and that data protection requirements “will not stop the critical sharing of information” to support efforts to tackle the global pandemic. It highlights that the data protection principles inherent in law “will enable the use of data in the public interest” as well as providing data protection to individuals. Along with the statement the GPA launched its data protection and COVID-19 resources page which provides the latest guidance and information from GPA members.
The clear message from Data Protection Authorities, not just in the UK but around the world, is that the data protection community stands ready to support the “swift and safe data sharing” that is needed now and as we move forward. This clarity and leadership is welcomed by industry and will be key as we move forward in the fight against COVID-19. techUK will continue to ensure that it continues to gather members concerns, queries and questions acting as a conduit between industry and the regulator.