The Statement of the European Data Protection Board on Data Processing in the Context of the COVID-19 Outbreak
The European Data Protection Board (EDPB) has adopted a statement regarding processing of personal data in the context of the COVID-19 outbreak on 19 March 2020. In the statement, EDPB underlines that, the data controller and processor must ensure the protection of the personal data of the data subjects, even in exceptional times; however, data protection rules (such as the GDPR) do not hinder measures taken in the fight against the coronavirus pandemic.
EDPB implies that, the processing of personal data (especially location data and/or special categories of personal data such as health data) may be legitimate without relying on consent of individuals only when;
- It falls under the legal mandate of the public authority (e.g. public health authorities) provided by national legislation and the conditions enshrined in the GDPR,
- It is necessary for the employer to comply with a legal obligation such as obligations relating to health and safety at the workplace, or to the public interest, such as the control of diseases and other threats to health,
- Member States introduce legislative measures which are necessary, appropriate and proportionate (proportionality of the measure in terms of duration and scope, limited data retention and purpose limitation) to safeguard public security in accordance with the Charter of Fundamental Rights and the European Convention for the Protection of Human Rights and Fundamental Freedoms.
Please find the related statement here for detailed information.
All rights of this article are reserved. This article may not be used, reproduced, copied, published, distributed, or otherwise disseminated without quotation or Erdem & Erdem Law Firm's written consent. Any content created without citing the resource or Erdem & Erdem Law Firm’s written consent is regularly tracked, and legal action will be taken in case of violation.
Other Contents
The Personal Data Protection Authority (“PDP Authority”) clarified the issues to be considered within the scope of the Law on the Protection of Personal Data No. 6698 (“Law”) in the process of combating Covid-19 with the Public Announcement (“Announcement”) published on 27.03.2020.
Following the announcement of the implementation of the Pandemic Isolation Tracking Project led by the Ministry of Health, the Personal Data Protection Authority published a public announcement on 09.04.2020 entitled Matters to Know about the Processing of Location Data and Monitoring Mobility of People in the Combat with COVID-19 (“Announcement”).
Through the decision dated 23.06.2020 and numbered 2020/482 (“Decision”), the Personal Data Protection Board has decided to re-extend the registration periods of the Data Controllers Registry (“VERBIS”) due to the Covid-19 outbreak.
Through the decision dated 11.03.2021 and numbered 2021/238 (“Decision”), the Personal Data Protection Board has decided to re-extend the registration periods of the Data Controllers Registry (“VERBIS”) due to the Covid-19 outbreak.
The Announcement of the Personal Data Protection Authority Regarding Covid-19 Vaccines and PCR Tests.