GDPR still applies while mobile phone operators are urged to share their data to help curb the spread of COVID-19
The General Data Protection Regulation (GDPR) protects the privacy and security of data of European citizens, institutions and businesses. It applies to personal data, data processing, data subjects, data controllers and data processors. The European Commission aims to use data to map the spread of the COVID-19 in order to improve the response, while continuing to adhere to the GDPR.
The European Commission has urged the largest European telecom operators to share (anonymised and aggregated) data from across the region to map COVID-19 and improve a targeted response. The plans make it possible for the Commission to access the data and use it to improve the response to COVID-19. The data is not used to track whether people are complying with the restrictions in place.
Many telecom operators have already started sharing (anonymised) data with their national health authorities in Italy, Germany and Austria. This data makes it possible to map the concentrations and movements of people in ‘hot zones’ where COVID-19 has struck harder. Citizens in these areas need to comply with the (national and local) social distancing rules in order to contain the virus and relieve the pressure on the healthcare system.