Currently, any help to contribute fighting the spread of the COVID-19 pandemic is essential. An aid that not only concerns the health sector, food and other basic services provision. Other strategic areas also play an important role –often vital– to improve containment measures, such as technology and data analysis. But in this current context, how can law coexist to the privacy of citizens and priority rights such as life?
Starting from this dilemma and from the need to preserve citizens’ privacy in the current state of alarm, a group of 60 lawyers, international academics and experts have signed a petition addressed to the Spanish Government in relation to personal data treatment through the apps created (and those that may arise) to fight against the pandemic.
One of the signatories of the letter is Dr. Ariel Guersenzvaig, Director of the Master’s Degree in Design and Communication and Co-director of the Master in Web Design and Internet Projects Management, both programmes from Elisava.
This petition has two basic points:
- Support the Government in its use and management of technology related to personal data, already included in the article 9.2 of the General Data Protection Regulation of the European Union for exceptional cases, such as the current coronavirus crisis.
- These personal data must be only be used for one objective and for a specific period of time.
Limits for personal data collection
The limits for personal data collection must be basically of three types:
- Make it safe and proportional. The authorities cannot take advantage of this crisis to increase their control or knowledge of citizens.
- The data conservation must have a clear purpose and an expiration time. The crisis period must have a goal and a limit. It must be avoided that most sensitive data, such as geolocation or health, remain in public, and private actors that can sell it to third parties. A single exception: scientific use until there is a vaccine for COVID-19 within 18 months.
- The development of the tools must be careful with data. Personal data must not be accessible to an undetermined number of natural persons, without the intervention of the specific person.
Finally, the letter stands for a creation of a permanent group, as it already exists for example in Denmark, formed by representatives of the Spanish Government, the scientific community, technology companies and data protection experts…, that prevents it from being implanted “a state of permanent technological surveillance in national territory”.