The EU General Data Protection Regulation allows the temporary suspension of some data-protection rights in times of crisis, such as the outbreak of the 2019 Novel Coronavirus. This installment of The eData Guide to GDPR discusses the nature of those suspensions, and how the need to address the ongoing health crisis is being balanced with data-protection rights in Italy, France, and Germany.
The primary goal of the EU General Data Protection Regulation (GDPR) is protection of the personal identifying information of data subjects. Use of such personal information, including the transfer of data, is specifically limited by the GDPR’s enumeration of data subject rights. These rights, however, are not unconditional, and the regulation’s drafters contemplated that under circumstances of civil crisis, some of these protections and rights might be suspended or restricted.
The global spread of the 2019 Novel Coronavirus (COVID-19) presents the first instance of GDPR’s suspension in the face of civil crisis. Most prominently, Article 9 (2) (i) of the GDPR allows the processing of these special categories of data if the processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health.