GDPR also applies during the COVID-19 pandemic
The General Data Protection Regulation (GDPR) protects the privacy and security of data of European citizens, institutions and businesses. It applies to personal data, data processing, data subjects, data controllers and data processors. The European Commission aims to use data to map the spread of the COVID-19 in order to improve the response, while continuing to adhere to the GDPR.
The European Commission has urged the largest European telecom operators to share (anonymised and aggregated) data from across the region to map COVID-19 and improve a targeted response. The plans make it possible for the Commission to access the data and use it to improve the response to COVID-19. The data is not used to track whether people are complying with the restrictions in place.
Many telecom operators have already started sharing (anonymised) data with their national health authorities in Italy, Germany and Austria. This data makes it possible to map the concentrations and movements of people in ‘hot zones’ where COVID-19 has struck harder. Citizens in these areas need to comply with the (national and local) social distancing rules in order to contain the virus and relieve the pressure on the healthcare system.