DATA PRIVACY AND DATA PROTECTION, DURING THE CURRENT COVID-19 PANDEMIC
Palavras-chave:
Data Privacy, Data Protection, Covid-19
Resumo
From the very beginning of the current Pandemic, the implementation of mobile applications designed for the location and tracking of infected persons appeared as one of the most promising answers in order to tackle the spread of Covid-19.
As is well known, the EU - European Union has a remarkably robust Legal environment regarding Privacy and Data Protection. Therefore, the EU Institutions and competent bodies tried to address these issues in order to provide a common approach, or at least harmonized approaches, suitable to comply with the relevant rules. Being this a lecture and not an academic conference delivered to peers, we will start with an overview of the EU Legal framework concerning the processing of health-related personal data. Only after, will our focus turn to the pertinent statements from the Institutions and competent bodies.
Referências
COE – Council of Europe [CE – Conselho da Europa]. Convention for the Protection of Human Rights and Fundamental Freedoms, open for signature in Rome, the 4th November 1950 [Convenção Europeia dos Direitos Humanos / Direitos do Homem] <https://www.echr.coe.int/pages/home.aspx?p=basictexts>.
_____. Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data – Convention 108, also of the Council of Europe, signed on the 28 January 1981 [Convenção Europeia sobre a Proteção de Dados] <https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108>.
CJEU – Court of Justice of the European Union [Tribunal de Justiça da União Europeia]. Judgment of the Court (Grand Chamber), 8 April 2014, Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others and Kärntner Landesregierung and Others. Joined Cases C‑293/12 and C‑594/12 <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0293>.
______. Judgment of the Court (Grand Chamber), 13 May 2014. Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González. Case C‑131/12 <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0131>.
______. Judgment of the Court (Grand Chamber) of 6 October 2015. Maximillian Schrems v Data Protection Commissioner. Case C-362/14 <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62014CJ0362>.
______. Judgment of the Court (Second Chamber) of 19 October 2016. Patrick Breyer v Bundesrepublik Deutschland. Case C-582/14 <https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1595847494490&uri=CELEX:62014CJ0582>
______. Judgment of the Court (Grand Chamber) of 21 December 2016. Tele2 Sverige AB v Post-och telestyrelsen and Secretary of State for the Home Department v Tom Watson and Others. Joined Cases C-203/15 and C-698/15 <https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1595847793630&uri=CELEX:62015CJ0203>.
[European] Commission [Comissão Europeia]. Recommendation on a common Union toolbox for the use of technology and data to combat and exit from the COVID-19 crisis (C(2020)2296final), of 8 April 2020 <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32020H0518>.
______. Communication Guidance on Apps supporting the fight against COVID 19 pandemic in relation to data protection (2020/C 124 I/01), of 17 April 2020 <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020XC0417%2808%29>.
ECHR – European Court of Human Rights [Tribunal Europeu dos Direitos do Homem / Corte Europeia dos Direitos Humanos]. Judgment in the Case of Peck v. the United Kingdom (application no. 44647/98), of 28 January 2003 <http://hudoc.echr.coe.int/eng?i=001-60898>.
______. Judgment in the Case of I v. Finland (application no. 20511/03), of 17 July 2008 <http://hudoc.echr.coe.int/eng?i=001-87510>.
______. Judgment in the Cases of S. and Marper v. the United Kingdom (applications no. 30562/04 and 30566/04), of 4 December 2008 <http://hudoc.echr.coe.int/fre?i=001-90051>.
______. Judgment in the case of Roman Zakharov v. The Russian Federation (application no. 47143/06), of 4 December 2015 <http://hudoc.echr.coe.int/fre?i=001-159324>.
EDPB – European Data Protection Board [CEPD – Comité Europeu para a Proteção de Dados, previously Article 29 Working Party / Grupo de Trabalho do Art.º 29.º]. Opinion 05/2014 on Anonymisation Techniques (WP216), adopted on 10 April 2014 <https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf>.
______. Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01), on 4 April 2017, last revised and adopted on 4 October 2017 <https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236>.
______. Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01), of 3 October 2017, last revised and adopted on 6 February 2018 <https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612053>.
______. Guidelines on Article 25 - Data Protection by Design and by Default, no. 4/2019, adopted on 13 November 2019 <https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_201904_dataprotection_by_design_and_by_default.pdf>.
______. Statement on the processing of personal data in the context of the COVID-19 outbreak, adopted on 19 March 2020 <https://edpb.europa.eu/our-work-tools/our-documents/outros/statement-processing-personal-data-context-covid-19-outbreak_en>.
______. Guidelines on the use of location data and contact tracing tools in the context of the COVID-19 outbreak, no. 04/2020, adopted on 21 April 2020 <https://edpb.europa.eu/our-work-tools/our-documents/linee-guida/guidelines-042020-use-location-data-and-contact-tracing_en>.
EU – European Union [UE - União Europeia]. Charter of Fundamental Rights of the of the European Union, proclaimed on 7 December 2000, with the wording adopted on 26 November 2012 [Carta dos Direitos Fundamentais da União Europeia] <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:12012P/TXT>
______. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02002L0058-20091219>.
______. Regulation (EU) 2016/679, of the European Parliament and of the Council of 27/04/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [Regulamento Geral sobre a Proteção de Dados] <https://eur-lex.europa.eu/eli/reg/2016/679/oj>.
______. Treaty establishing the European Economic Community, signed in Rome, the 25th March 1957 [Tratado instituindo a Comunidade Económica Europeia / Tratado de Roma] <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A12012E%2FTXT>.
______. Treaty of the European Union, originally signed at Maastricht, on 7 February 1992, and amended by the Treaty of Amsterdam, signed on 2 October 1997, and by the Treaty of Nice, signed on 26 February 2001 <https://eur-lex.europa.eu/eli/treaty/teu_2012/oj>.
¬______. Treaty amending the Treaty on European Union and the Treaty establishing the European Community, signed at Lisbon, the 13th December 2007 [Tratado de Lisboa] <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A12007L%2FTXT>.
FRA – European Union Agency for Fundamental Rights [Agência da União Europeia para os Direitos Humanos] / ECHR – European Court of Human Rights / Council of Europe / EPDS – European Data Protection Supervisor [Autoridade Europeia para a Proteção de Dados]. Handbook on European data protection law, 2018 edition [Manual oficioso de várias Instituições, tanto da União Europeia quanto do Conselho da Europa] <https://fra.europa.eu/sites/default/files/fra_uploads/fra-coe-edps-2018-handbook-data-protection_en.pdf>.
_____. Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data – Convention 108, also of the Council of Europe, signed on the 28 January 1981 [Convenção Europeia sobre a Proteção de Dados] <https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108>.
CJEU – Court of Justice of the European Union [Tribunal de Justiça da União Europeia]. Judgment of the Court (Grand Chamber), 8 April 2014, Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others and Kärntner Landesregierung and Others. Joined Cases C‑293/12 and C‑594/12 <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0293>.
______. Judgment of the Court (Grand Chamber), 13 May 2014. Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González. Case C‑131/12 <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0131>.
______. Judgment of the Court (Grand Chamber) of 6 October 2015. Maximillian Schrems v Data Protection Commissioner. Case C-362/14 <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62014CJ0362>.
______. Judgment of the Court (Second Chamber) of 19 October 2016. Patrick Breyer v Bundesrepublik Deutschland. Case C-582/14 <https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1595847494490&uri=CELEX:62014CJ0582>
______. Judgment of the Court (Grand Chamber) of 21 December 2016. Tele2 Sverige AB v Post-och telestyrelsen and Secretary of State for the Home Department v Tom Watson and Others. Joined Cases C-203/15 and C-698/15 <https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1595847793630&uri=CELEX:62015CJ0203>.
[European] Commission [Comissão Europeia]. Recommendation on a common Union toolbox for the use of technology and data to combat and exit from the COVID-19 crisis (C(2020)2296final), of 8 April 2020 <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32020H0518>.
______. Communication Guidance on Apps supporting the fight against COVID 19 pandemic in relation to data protection (2020/C 124 I/01), of 17 April 2020 <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020XC0417%2808%29>.
ECHR – European Court of Human Rights [Tribunal Europeu dos Direitos do Homem / Corte Europeia dos Direitos Humanos]. Judgment in the Case of Peck v. the United Kingdom (application no. 44647/98), of 28 January 2003 <http://hudoc.echr.coe.int/eng?i=001-60898>.
______. Judgment in the Case of I v. Finland (application no. 20511/03), of 17 July 2008 <http://hudoc.echr.coe.int/eng?i=001-87510>.
______. Judgment in the Cases of S. and Marper v. the United Kingdom (applications no. 30562/04 and 30566/04), of 4 December 2008 <http://hudoc.echr.coe.int/fre?i=001-90051>.
______. Judgment in the case of Roman Zakharov v. The Russian Federation (application no. 47143/06), of 4 December 2015 <http://hudoc.echr.coe.int/fre?i=001-159324>.
EDPB – European Data Protection Board [CEPD – Comité Europeu para a Proteção de Dados, previously Article 29 Working Party / Grupo de Trabalho do Art.º 29.º]. Opinion 05/2014 on Anonymisation Techniques (WP216), adopted on 10 April 2014 <https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf>.
______. Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01), on 4 April 2017, last revised and adopted on 4 October 2017 <https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236>.
______. Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01), of 3 October 2017, last revised and adopted on 6 February 2018 <https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612053>.
______. Guidelines on Article 25 - Data Protection by Design and by Default, no. 4/2019, adopted on 13 November 2019 <https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_201904_dataprotection_by_design_and_by_default.pdf>.
______. Statement on the processing of personal data in the context of the COVID-19 outbreak, adopted on 19 March 2020 <https://edpb.europa.eu/our-work-tools/our-documents/outros/statement-processing-personal-data-context-covid-19-outbreak_en>.
______. Guidelines on the use of location data and contact tracing tools in the context of the COVID-19 outbreak, no. 04/2020, adopted on 21 April 2020 <https://edpb.europa.eu/our-work-tools/our-documents/linee-guida/guidelines-042020-use-location-data-and-contact-tracing_en>.
EU – European Union [UE - União Europeia]. Charter of Fundamental Rights of the of the European Union, proclaimed on 7 December 2000, with the wording adopted on 26 November 2012 [Carta dos Direitos Fundamentais da União Europeia] <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:12012P/TXT>
______. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02002L0058-20091219>.
______. Regulation (EU) 2016/679, of the European Parliament and of the Council of 27/04/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [Regulamento Geral sobre a Proteção de Dados] <https://eur-lex.europa.eu/eli/reg/2016/679/oj>.
______. Treaty establishing the European Economic Community, signed in Rome, the 25th March 1957 [Tratado instituindo a Comunidade Económica Europeia / Tratado de Roma] <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A12012E%2FTXT>.
______. Treaty of the European Union, originally signed at Maastricht, on 7 February 1992, and amended by the Treaty of Amsterdam, signed on 2 October 1997, and by the Treaty of Nice, signed on 26 February 2001 <https://eur-lex.europa.eu/eli/treaty/teu_2012/oj>.
¬______. Treaty amending the Treaty on European Union and the Treaty establishing the European Community, signed at Lisbon, the 13th December 2007 [Tratado de Lisboa] <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A12007L%2FTXT>.
FRA – European Union Agency for Fundamental Rights [Agência da União Europeia para os Direitos Humanos] / ECHR – European Court of Human Rights / Council of Europe / EPDS – European Data Protection Supervisor [Autoridade Europeia para a Proteção de Dados]. Handbook on European data protection law, 2018 edition [Manual oficioso de várias Instituições, tanto da União Europeia quanto do Conselho da Europa] <https://fra.europa.eu/sites/default/files/fra_uploads/fra-coe-edps-2018-handbook-data-protection_en.pdf>.
Publicado
12-09-2020
Seção
Artigos
