With the COVID-19 outbreak affecting humanity on a pandemic level, industry is gearing up to find the right tools to tackle the crisis. The tech community could be no exception. Hackathons are already being organised and sponsored by tech and social media giants, national and regional partners. The situation has strongly motivated the tech world to join forces in order to develop any solution that could be of aid. And the effort is not futile. Numerous apps have already been launched and made more widely available to facilitate long-distance working, off-premises diagnosis, efficient delivery of necessities as well as health-status reporting to map the spread of the virus.

The breadth of the legal issues that may be of concern for such solutions is large, depending on the services that are to be provided. Perhaps most universally, it is safe to assume that most – if not all – new apps need to heavily rely on user data to meet the needs of the current, socially-distanced reality. Analysis of the location data of the general population, especially of people suspected of having contracted the virus to others, is certainly an exercise of high value in the pursuit of slowing down the spread of the virus. Health status self-reporting to try to predict probable future outbreaks is something that already-available apps are trying to do. These efforts have the potential to produce life-saving results that can only be achieved through the processing of extremely sensitive data. This could involve inputs of medical history records, regular temperature measurements and breathing assessments – to name a few.

The collection, processing and sharing of such personal data must be fully understood by the users of such apps in order to meet the consent requirements of relevant EU and national privacy laws. Understanding the necessity of the rapid deployment of such apps, we urge innovators to be clear with users as to:

  • What data will be processed;
  • Whether special (e.g. health) data will be processed;
  • Who will be processing their data;
  • The purposes of the data processing;
  • Whether data will be shared and for which reason;
  • Whether data will be transferred across jurisdictions;
  • The duration of the retention of their data; and
  • Any other matter that may be relevant to their data.

Users should also be informed of their rights in relation to their personal data and should be granted such rights to access, receive, transfer, modify and erase their data, as well as to object to certain types of processing.

Recognising the pressing necessity to work jointly to effectively counter the challenges created by this pandemic, we wish to offer our expertise in relation to the legal issues faced by any undertaking that seeks to provide solutions for this global crisis.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.