In light of the current pandemic the Information Commissioners Office (ICO) has announced that it will relax enforcement of data protection laws throughout the pandemic.
Information Commissioner Emily Denham explained: “Against this backdrop, it is right that we must adjust our regulatory approach.
“Our UK data protection law is not an obstacle to such flexibility. It explicitly sets out the importance of my office taking regard of the general public interest, and allows for people’s health and safety to be prioritised without the need for legislative amendment.
“A principle underpinning data protection law is that the processing of personal data should be designed to serve mankind”.
In response as to whether these moves were to assist in contact tracing to fight the virus, the ICO issued this statement:
“We have been notified by Google and Apple regarding their work to support Contact Tracing initiatives. During these unprecedented times data protection law can work flexibly to protect lives and data.
“We will be reviewing the technical details and engaging with Google and Apple as their work continues to ensure privacy issues are considered, while also taking into account the compelling public interest in the current emergency”.
Data legislation had already been slackened last month to allow for the use of the public’s mobile data, for generalised location data trend analysis, The ICO’s Deputy Commissioner Steve Wood said: “In these circumstances, privacy laws are not breached as long as the appropriate safeguards are in place.”
Part of the ongoing shifts in approach by the ICO was acknowledged by Health Secretary Matt Hancock, stating “GDPR has a clause excepting work in the overwhelming public interest. No one should constrain work on responding to coronavirus due to data protection laws.”
1/2: Public information: GDPR does not inhibit use of data for coronavirus response. GDPR has a clause excepting work in the overwhelming public interest. No one should constrain work on responding to coronavirus due to data protection laws.
— Matt Hancock (@MattHancock) March 18, 2020
The European Data Protection Board (EDPB) released a statement yesterday along the same lines, outlining the fact that their approach to data protection will be eased while the virus is drastically affecting public life:
“This guidance on data protection and privacy implications complements the European Commission’s Recommendation on apps for contact tracing, setting out the process towards a common EU toolbox for the use of technology and data to combat and exit from the COVID-19 crisis.”