Insights & news

Data Protection Authorities Provide Guidance on Processing of Personal Data in Context of COVID-19 Outbreak

  • 31/03/2020
  • Articles

The outbreak of the new Corona virus COVID-19 has caused various emergencies with novel challenges for many organisations collecting and processing personal data, such as:

 

  • Employers monitor employees working from home; request employees and visitors to report risk factors such as travelling or exposure to people with flu-like symptoms; may need to report that an employee is infected with COVID-19 to other employees;
  • physicians and pharmaceutical companies may wish to use data to investigate new treatments;
  • authorities enforce lockdown measures by video cameras and tracking phones; and
  • health authorities need detailed test results and other health data to map virus spreads and keep detailed statistics.

European and Belgian data protection authorities have provided guidance on the application of data protection rules to these novel challenges. “Data protection rules (such as the GDPR) do not hinder measures taken in the fight against the coronavirus pandemic”, writes the European Data Protection Board (EDPB).

While the urgency of the situation may justify measures that go further than would be normally allowed, the EDPB warns that these measures should be proportionate and limited to what is necessary: an “[e]mergency is a legal condition which may legitimise restrictions of freedoms provided these restrictions are proportionate and limited to the emergency period”.

In addition, the Belgian data protection authority (Gegevensbeschermingsautoriteit / autorité de protection des données – the DPA) has published a Q&A on COVID-19 and the processing of personal data in the workplace. The DPA is of the opinion that employers should only process health data if required by public authorities. In other cases, health data of employees should always be processed by the occupational physician.

The DPA sets out a short Q&A in which it explains, among other matters, that measuring body temperature does not constitute a processing of personal data as long as it is not recorded. Nevertheless, the DPA reiterates that such measures should be implemented in accordance with applicable employment rules.

The full statement of the EDPB can be consulted here.

The Q&A of the Belgian DPA is available in Dutch and in French.  

Key contacts

Related practice areas

Related insights

Sign up for updates
    • 19/10/2020
    • Newsletters

    VBB on Belgian Business Law, Volume 2020, No. 9

    The September 2020 issue of our Belgian Business Law newsletter reporting on the latest developments in a range of areas, including competition, data protection, intellectual property and labour law

    Read more
    • 14/10/2020
    • News

    CJEU on Access and Retention of Traffic and Location Data for National Security

    On 6 October 2020, the Court of Justice of the European Union (CJEU) handed down judgments in three cases on the compatibility of the ePrivacy Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector with methods for combating terrorism (Case C-623/17, Privacy International, as well as Joined cases C-511/18, La Quadrature du Net and Others, C-512/18, French Data Network and Others, and Case C-520/18, Ordre des barreaux francophones et germanophone and Others). These judgments may require Member States to review their legislation to balance national security with the fundamental rights of its citizens. In addition, these judgments could have an impact on EU-UK data flows post-Brexit… Please click below to read our note on these CJEU judgments.

    Read more
    • 21/09/2020
    • Newsletters

    VBB on Belgian Business Law, Volume 2020, No. 8

    The August 2020 issue of our Belgian Business Law newsletter reporting on the latest developments in a range of areas, including competition, data protection, intellectual property and labour law

    Read more

Subscribe to our updates

Please select the practice areas you are interested in: *