Het COVID-19 virus leidt bij veel mensen en organisaties tot de behoefte meer gezondheidsgegevens te registreren en communiceren. Door sommige wordt de Algemene Verordening Gegevensbescherming (AVG) daarbij als belemmerend ervaren. Een mogelijke oplossing kan de juiste inzet zijn van een app.
Ook op Europees-niveau wordt er op dit moment hard aan gewerkt om er voor te zorgen dat daarvoor enerzijds de juiste kaders helder zijn en dat deze technologische oplossing gerealiseerd kan gaan worden. Zie hiervoor bijvoorbeeld de brief van de European Data Protection Supervisor Wojciech Wiewiórowski ( https://edps.europa.eu/sites/edp/files/publication/2020-04-06_eu_digital_solidarity_covid19_en.pdf ) waarin hij onder ander stelt dat:
“The GDPR clearly states that the processing of personal data should be designed to serve mankind (it was the favourite quote from GDPR for my predecessor Giovanni Buttarelli). GDPR states also that the right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.”
En even verder;
“The EDPS is aware that a number of EU Member States have or are in the process of developing mobile applications that use different approaches to protect public health, involving the processing of personal data in different ways. The use of temporary broadcast identifiers and bluetooth technology for contact tracing seems to be a useful path to achieve privacy and personal data protection effectively. Given these divergences, the European Data Protection Supervisor calls for a pan-European model “COVID-19 mobile application”, coordinated at EU level. Ideally, coordination with the World Health Organisation should also take place, to ensure data protection by design globally from the start.
“Therefore, we are going to work with the European Commission to make sure that any measures taken at European or national level are:
– Temporary–they are not here to stay after the crisis.
– Their purposes are limited–we know what we are doing.
– Access to the data is limited –we know who is doing what.
– We know what we will do both with results of our operations and with raw data used in the process –we know the way back to normality.”
Daarnaast komt ook de European Data Protection Board (EDPB) met aanvullende richtlijnen:
Andrea Jelinek, Chair of the EDPB, said: “The Board will prioritise providing guidance on the following issues: use of location data and anonymisation of data; processing of health data for scientific and research purposes and the processing of data by technologies used to enable remote working. The EDPB will adopt a horizontal approach and plans to issue general guidance with regard to the appropriate legal bases and applicable legal principles.”