Subscribe to RSS
DOI: 10.1055/s-0041-1726512
A Literature Review on the GDPR, COVID-19 and the Ethical Considerations of Data Protection During a Time of Crisis
Summary
Objective: This survey article presents a literature review of relevant publications aiming to explore whether the EU's General Data Protection Regulation (GDPR) has held true during a time of crisis and the implications that arose during the COVID-19 outbreak.
Method and Results: Based on the approach taken and the screening of the relevant articles, the results focus on three themes: a critique on GDPR; the ethics surrounding the use of digital health technologies, namely in the form of mobile applications; and the possibility of cross border transfers of said data outside of Europe. Within this context, the article reviews the arising themes, considers the use of data through mobile health applications, and discusses whether data protection may require a revision when balancing societal and personal interests.
Conclusions: In summary, although it is clear that the GDPR has been applied through a mixed and complex experience with data handling during the pandemic, the COVID-19 pandemic has indeed shown that it was a test the GDPR was designed and prepared to undertake. The article suggests that further review and research is needed to first ensure that an understanding of the state of the art in data protection during the pandemic is maintained and second to subsequently explore and carefully create a specific framework for the ethical considerations involved. The paper echoes the literature reviewed and calls for the creation of a unified and harmonised network or database to enable the secure data sharing across borders.
Publication History
Article published online:
03 September 2021
© 2021. IMIA and Thieme. This is an open access article published by Thieme under the terms of the Creative Commons Attribution-NonDerivative-NonCommercial License, permitting copying and reproduction so long as the original work is given appropriate credit. Contents may not be used for commercial purposes, or adapted, remixed, transformed or built upon. (https://creativecommons.org/licenses/by-nc-nd/4.0/)
Georg Thieme Verlag KG
Rüdigerstraße 14, 70469 Stuttgart, Germany
-
References
- 1 UK Government. UK Coronavirus Legislation and guidelines. 2020 . Dec 1, [2020-12-18] https://www.legislation.gov.uk/coronavirus. BBC News. Oxford Covid vaccine: Regulator asked to assess jab. 2020. Nov 27 [20202-12-18] Available from: https://www.bbc.com/news/uk-55096434. Luxembourg government. Loi du 1er août 2018 portant organisation de la Commission nationale pour la protection des données et du régime général sur la protection des données. Journal officiel du Grand-Duché de Luxembourg. 2018. Aug 01, [2020-12-18] Available from: https://tinyurl.com/y442zgzz
- 2 European Commission. 2020 Mobile contact tracing apps in EU Member States. [2020-12-18] Available from: https://ec.europa.eu/info/live-work-travel-eu/coronavirus-response/travel-during-coronavirus-pandemic/mobile-contact-tracing-apps-eu-member-states_en
- 3 Fahey RA, Hino A. COVID-19, digital privacy, and the social limits on data-focused public health responses. Int J Inf Manage 2020 Dec;55:102181
- 4 McLennan S, Celi LA, Buyx A. COVID-19: Putting the General Data Protection Regulation to the Test. JMIR Public Health Surveill 2020; May 29; 06 (02) e19279
- 5 Moher D, Liberati A, Tetzlaff J, Altman DG. PRISMA Group. Preferred Reporting Items for Systematic Reviews and Meta-Analyses: The PRISMA Statement. PLoS Med 2009; 6 (07) e1000097
- 6 Becker R, Thorogood A, Ordish J, Beauvais MJS. COVID-19 Research: Navigating the European General Data Protection Regulation. J Med Internet Res 2020 Aug 27 22 (08) e19799
- 7 Bradford L, Aboy M, Liddell K. COVID-19 contact tracing apps: a stress test for privacy, the GDPR and data protection regimes. J Law Biosci 2020 May 28 7 (01) lsaa034
- 8 Audrey Guinchard. Our digital footprint under Covid-19: should we fear the UK digital contact tracing app?. International Review of Law, Computers & Technology 2021; 35 (01) 84-97
- 9 Schneble CO, Elger BS, Martin Shaw D. Data protection during the coronavirus crisis. EMBO Rep 2020; Sep 3 21 (09) e51362
- 10 Shachar C, Gerke S, Adashi EY. AI Surveillance during Pandemics: Ethical Implementation Imperatives. Hastings Cent Rep 2020 May; 50 (03) 18-21
- 11 Stoeger K, Schmidhuber M. The use of data from electronic health records in times of a pandemic-a legal and ethical assessment. J Law Biosci 2020 Jun 16;7(1):lsaa041
- 12 Shabani M, Goffin T, Mertes H. Reporting, recording, and communication of COVID-19 cases in workplace: data protection as a moving target. J Law Biosci 2020 Apr 22; 7 (01) lsaa008
- 13 Newlands M, Lutz C, Tamò-Larrieux A, Fosch Villaronga E, Harasgama R, Scheitlin G. Innovation under pressure: Implications for data privacy during the Covid-19 pandemic. Bog Data & Society 2020; 7: 2 https://doi.org/10.1177/2053951720976680
- 14 Zwitter A, Gstrein OJ. Big data, privacy and COVID-19 - learning from humanitarian expertise in data protection. Int J Humanitarian Action 2020;05(04). Available from: https://doi.org/10.1186/s41018-020-00072-6
- 15 Lucivero F, Hallowell N, Johnson S, Prainsack B, Samuel G, Sharon T. COVID-19 and Contact Tracing Apps: Ethical Challenges for a Social Experiment on a Global Scale. J Bioeth Inq 202 17 (04) 835-9
- 16 Almeida BA, Doneda D, Ichihara MY, Barral-Netto M, Matta GC, Rabello ET. et al. Personal data usage and privacy considerations in the COVID-19 global pandemic. Cien Saude Colet 2020; Jun;25(suppl 1): 2487-92
- 17 Harris M, Bhatti Y, Buckley J, Sharma D. Fast and frugal innovations in response to the Covid-19 pandemic. Nat Med 2020; 26 (06) 814-7
- 18 Alexopoulos AR, Hudson JG, Otenigbagbe O. The Use of Digital Applications and COVID-19. Community Ment Health J 2020 Oct; 56 (07) 1202-3
- 19 Sekalala S, Forman L, Habibi R, Meier BM. Health and human rights are inextricably linked in the COVID-19 response. BMJ Glob Health 2020 Sep; 5 (09) e003359
- 20 Horgan D, Hackett J, Westphalen B, Kalra D, Richer E, Romao M. et al. Digitalisation and COVID-19: The Perfect Storm. Biomed Hub 2020; 5 (03) 1341-63
- 21 Parker MJ, Fraser C, Abeler-Dörner L, Bonsall D. Ethics of instantaneous contact tracing using mobile phone apps in the control of the COVID-19 pandemic. J Med Ethics 2020 Jul; 46 (07) 427-31
- 22 European Data Protection Board. EDPB Guidelines 05/2020 on consent under Regulation 2016/679 (Version 1.1) 2020. May 04, [2020-12-18]. Available from: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf
- 23 European Data Protection Board. Statement by the EDPB Chair on the processing of personal data in the context of the COVID-19 outbreak. 2020 Mar 16, [2020-12-18]. Available from: https://edpb.europa.eu/news/news/2020/statement-edpb-chair-processing-personal-data-context-covid-19-outbreak_en
- 24 Helical Innovative Training Network, European Commission Project under the Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 813545.
- 25 European Commission. Communication from the Commission Guidance on Apps supporting the fight against COVID 19 pandemic in relation to data protection 2020/C 124 I/01. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020XC0417%2808%29
- 26 European Data Protection Board. EDPB Letter concerning the European Commission's draft Guidance on apps supporting the fight against the COVID-19 pandemic. 2020 . Mar 19, [2020-12-18]. Available from: https://edpb.europa.eu/our-work-tools/our-documents/letters/edpb-letter-concerning-european-commissions-draft-guidance_en
- 27 European Commission. Communication “Coronavirus: Commission proposes a Digital Green Certificate”. [2021-03-17] Available from: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_1181