The coronavirus crisis continues to lead to the use of individuals’ personal data in new and sometimes unexpected ways. In this briefing, we consider some possible data protection issues that could arise in connection with proposals by the Spanish government to establish a register of citizens who refuse the COVID-19 vaccination and share this with other European countries.
All data controllers collecting (or planning to collect) data subjects’ personal information for purposes connected with the COVID-19 pandemic will need to consider various questions to ensure that such personal data is processed fairly, proportionately and transparently and in compliance with applicable data protection rules.
These include, among other things, the principles of fair, lawful and transparent processing, ensuring appropriate legal bases for processing, purpose limitation, data minimisation, accuracy, storage limitation and integrity and confidentiality.
Any personal data, especially special category health-related data, that is processed in connection with the pandemic should be handled carefully. As the UK Information Commissioner has made clear, action will be taken against any data controllers misusing personal information to exploit the situation or take advantage of this serious public health emergency.
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.