Are we stretching the intentions of GDPR a bit too much when allowing it to fuel the spreading of the Corona virus? Not if you ask Swedish authorities.
I´m personally a fan of the philosophy underpinning GDPR, not only because work with a product that aims to give users back control of their data, but more importantly I think a society that does not protect the privacy of individuals eventually evolves into an Orwellian nightmare.
WHO vs. GDPR
However, we do not turn into Oceania by making sound interpretations of privacy laws when the lives of millions are threatened by a pandemic virus. So, when the WHO director general Tedros Adhanom Ghebreyesus plead to all countries to “Do everything. Find, isolate, test and treat every patient to break the chain of contagion. This fire must be put out!”, Sweden´s State epidemiologists Anders Tegnell leans on GDPR not to heed the call.
Tegnell argues that that a wide spread testing for the virus has “practical, security and GDPR-related complications” and should therefore not be considered. So here we are, facing a global disaster that WHO says can be mitigated by more testing and the bureaucrats point to a regulation that even the EU-commission themselves are not 100% sure on how to comply with.
Cynical or narrow minded?
The purpose of GDPR is to protect the privacy of individuals. If you think it is less important to protect the lives of these individuals, you are either very cynical or extremely narrow minded. Or very wrong.
Sure, health data is certainly considered as sensitive but a fundamental point of GDPR is that you can process data if you have a legal or consensual basis for it. So, if you don’t think a personal consent from the individuals being tested would be enough, you could easily lean on the legal basis of national health laws. Mr Tegnells own organization – The Public Health Agency of Sweden – is explicitly mentioned by the Swedish Data Protection Authority as an agency that has the right to process this kind of data.
A cunning plan
Or perhaps mr Tegnell has a more cunning plan behind his reasoning? If the plan is to enforce consent from people prior to being infected by Corona then this would be a brilliant move. Unfortunately, the virus couldn’t care less about GDPR.
Leave A Reply