[Mar Valverde]

Good morning to all! 
As you already now, the EDPS answered to the questions of the director-general of DG Connect, about the use of personal data in COVID emergency. 
First, the EDPS underlines that data protection rules currently in force in Europe are flexible enough to allow for various measures in the fight against pandemics. The EDPS also acknowledges and supports the call for an urgent and coordinated effort at the European level.
The communication goes on to discuss key elements. In what concerns data anonymization, the EDPS points out that effective anonymization requires more than the simple removal of obvious identifiers, such as phone numbers and IMEI numbers. Moreover, the European Commission should clearly define the datasets sought for any eventual sharing with or between member states to ensure transparency with the public. It also refers to a Health Security Committee platform that appears to be the vehicle through which the member states would share information.
With respect to data security and access, existing information security and confidentiality provisions would still be in force for any commission staff processing datasets and information (received from operators). Furthermore, where the commission to rely on third parties to process information, those parties would be bound to the same obligations and prohibited on further use, as well. Adequate data transfer measures and controlled access are also stressed. Lastly, data retention is emphasized. Any data obtained from technology operators would need to be deleted once the current emergency has ended. The nature of such services is deemed to be exceptional and temporary in response to the specifics of the pandemic.
Please, find the document here https://edps.europa.eu/sites/edp/files/publication/20-03-25_edps_comments_concerning_covid-19_monitoring_of_spread_en.pdf
Sincerely, 
Mar Valverde 

Discussion