Explainer: EU privacy rules no obstacle to coronavirus
fight; smartphone tracking a no-no
Send a link to a friend
 [March 10, 2020] By
Douglas Busvine
BERLIN (Reuters) - Europe's privacy
rulebook does not create obstacles to taking action to curb the
coronavirus epidemic but mass tracking of people's movements and
contacts using smartphone location data would represent a clear
violation.
Technophiles support the use of such data to reconstruct the movements
of people exposed to the flu-like virus and identify others at risk of
infection. Privacy advocates counter that this approach, used in China,
subjects people to the kind of digital surveillance that has no place in
a Western democracy.
The General Data Protection Regulation (GDPR), which took effect in the
European Union in mid-2018, states that people's data is their own and
requires anyone seeking to process it to obtain their consent.
WHAT DO EMPLOYERS HAVE TO DO?
Companies should take action to minimize both the risk of infection and
violations of privacy. They can obtain information on whether an
employee has traveled to a region with confirmed coronavirus cases,
according to law firm CMS
https://cms.law/
en/nld/publication/
coronavirus-employer-measures-and-policies.
Some systemic data collection may also be required, such as through
workplace questionnaires or requiring staff to report their travel
plans.
This is covered under Articles 6 and 9 of the GDPR, which cover
workplace health and safety, and using preventive or occupational
medicine to address serious cross-border health threats.
WHAT CAN'T THEY DO?
Employers are not allowed to take mandatory readings of the temperature
of employees or visitors, nor can they require them to fill out
compulsory medical questionnaires, according to French data protection
office CNIL.
In practical terms that means a receptionist can't take the temperature
of a visitor, as this would require processing of health data that can
only be done by a doctor, said Holger Lutz, partner at law firm Baker &
McKenzie in Frankfurt.
CAN NATIONAL GOVERNMENTS
OVERRIDE THE GDPR?
Italy, the European country hardest hit by coronavirus, has passed
emergency legislation requiring anyone who has recently stayed in an
at-risk area to notify health authorities either directly or through
their doctor.
Germany, meanwhile, recently inserted wording into its GDPR enabling
legislation that specifically allows for the processing of personal data
in the event of an epidemic, or natural and man-made catastrophes, said
Lutz.
COULD SMARTPHONE TRACKING HELP?
The head of the Robert Koch Institute, Germany's main public health
body, caused a stir last week by suggesting that smartphone location
data could be used to track people as a tool for curbing the spread of
the coronavirus.
[to top of second column] |
A woman wearing a face
mask checks her phone outside the Teatro alla Scala, closed by
authorities due to a coronavirus outbreak, in Milan, Italy February
24, 2020. REUTERS/Flavio Lo Scalzo
The technology exists - Google Maps for example uses smartphone GPS location
data to estimate traffic congestion and calculate journey times.
A Hamburg geotracking startup called Ubilabs is working with the Hannover School
of Medicine on a data analysis platform that could track people who have tested
positive for the coronavirus and their contacts, Der Tagesspiegel reported on
Tuesday.
HOW COULD TRACKING COMPLY WITH THE GDPR?
Such smartphone tracking would in all probability require people's consent to
have a valid legal basis, Federal Data Protection Officer Ulrich Kelber told
Reuters.
Any tracking-based system would need to undergo detailed analysis to ensure an
acceptable level of data protection, Kelber said. It should also be
proportionate, both in terms of whether the accuracy of the location data
gathered serves the intended purpose and whether a less intrusive method is
available.
WHAT ARE OTHER COUNTRIES DOING?
China, the source of the coronavirus epidemic, has introduced a mandatory
traffic-light system
https://www.nytimes.com/
2020/03/01/business/
china-coronavirus-
|surveillance.html that uses smartphone software to determine whether people can
move about or meet.
Individuals rated red or yellow on the Alipay Health Code app are not allowed to
travel or visit public places such as restaurants or shopping malls for 14 or 7
days respectively.
In Taiwan, visitors are required
https://jamanetwork.com/
journals/jama/fullarticle/2762689 on arrival to download a questionnaire using a
QR code and report the airport they came from, their 14-day travel history and
health symptoms.
Those assessed to have low risk receive a text message telling them that they
are free to travel. Those deemed to pose a risk are required to self-isolate for
14 days, with their compliance monitored using location data from their
smartphones.
(Additional reporting by Foo Yun Chee; Editing by Nick Macfie)
[© 2020 Thomson Reuters. All rights
reserved.] Copyright 2020 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
