By Ivonne Sanchez, teacher "Other sectors and regulations linked to Data Protection" in it master in Compliance & Data Protection Management of the EIP International Business School wanted to share with us the following post.
Data protection during alarm status
We are a set of data circulating on the Internet, our preferences and choices are information that feeds statistics, calculations and profiles that are made about us as consumers, voters, patients, citizens, etc. There is a lot of information about us on the Internet, during the state of alarm the use of new technologies has increased, bringing with it the circulation and processing of data to a higher level. This large-scale management can pose a high risk if it is not carried out under the principles extolled by the RGPD.
Regarding the health decisions adopted by the competent authorities due to the coronavirus pandemic, it is necessary to specify that data protection regulations should not be used to hinder or limit the effectiveness of the measures adopted by said authorities in the fight against the pandemic. .
Is my data protected during the state of alarm?
The state of alarm for the management of the health crisis caused by Covid-19 meant the limitation of our fundamental rights in multiple areas. In terms of data protection, recital 46 of the GDPR states that such processing can be generated in response to multiple reasons, both public interest and humanitarian purposes, including the vital interest of another person when there is no other legal basis.
In addition, art. 6 GDPR considers that vital interest as a legal basis is sufficient for the processing of personal data aimed at protecting those people who are susceptible to being infected. However, for the processing of health data it is not enough for there to be a legal basis as cited in art. 6 GDPR, but in accordance with art. 9.1 and 9.2 GDPR, there must be a circumstance that overlies the prohibition of processing of said special category of data (including health data).
Is it possible to process workers' health data related to Covid-19?
In application of health and occupational risk prevention regulations, employers may process the data of their workers in order to guarantee their health and that of other personnel, avoiding infections in the workplace and its subsequent spread. For this reason, it is necessary to know if a worker is infected or not, in order to activate the mechanisms or contingency plans that have been provided by the health authorities.
It will be possible to obtain this information through direct and specific questions that are limited to knowing the existence of symptoms or their subsequent treatment. In addition, if required, employers may transmit said information to the competent authorities, maintaining the privacy and anonymity of the affected workers.
Can the authorities demand any type of data from me?
No, the massive and indiscriminate collection of personal data violates the principles of necessity and proportionality in its processing. Such exposure is a potential attack on the rights and freedoms of citizens, since a large amount of uncontrolled data increases the risk that said data will be stolen, adulterated or end up in the wrong hands. In any case, the processing of this data must comply with the principles established in the GDPR, in particular those of minimization, limitation of purpose and minimization of conservation.
Do you want to specialize in Compliance Management and data protection?
He Master in Compliance & Data Protection Management will make you a highly qualified professional with the necessary skills to carry out specialized tasks in two of the most relevant areas for both private businesses as for public administrations: data protection and regulatory compliance or Compliance.
