In view of the critical moment that we are all experiencing, with the declaration of a state of emergency and the limitation of certain Rights, Freedoms and Guarantees, it is important to address these limitations within the scope of Data Protection Law, taking into account the General Regulation on Data Protection ( “GDPR”) and Law No. 58/2019 of 8 August (GDPR Execution Law - “LERGPD”).
Alluding to the communiqué of the European Committee for Data Protection (“Committee”), dated 16.03.2020, the GDPR already provides for rules to be applied to the processing of personal data in a context such as COVID-19, be it this treatment carried out by public or private entities.
The GDPR already comprises the fundamentals of lawfulness and exception to the processing of special category data (such as health data) allowing employers and competent public health authorities to process personal data - in the context of pandemics -, without the need to obtain the consent of the data subject - eg when the processing of personal data must necessarily be carried out by employers, for reasons of public interest, namely in the area of public health or for the protection of vital interests.
On this point, it is important to highlight the recommendations of some European supervisory authorities responsible for data protection, such as the Garante Per La Protezione Dei Dati Personali (Italian Supervisory Authority), the Commission Nationale de l'Informatique et des Libertés (French supervisory authority) and An Coimisiún a Chosaint Sonraí / Data Protection Commission (Irish supervisory authority).
To find out more, you can access our News Flash here.