GDPR won't inhibit the data-driven element of the UK's coronavirus response.
That's the message today from Secretary of State for Health and Social Care Matt Hancock, pointing out that the EU directive, which post-Brexit UK has effectively absorbed into national law, contains exceptions regarding "the overwhelming public interest".
In a series of tweets, he said: "GDPR does not inhibit use of data for coronavirus response. GDPR has a clause excepting work in the overwhelming public interest. No one should constrain work on responding to coronavirus due to data protection laws.
"We are all having to give up some of our liberties; rights under GDPR have always been balanced against other public interests."
Hancock's GDPR intervention comes on the same day that the government unveils its coronavirus-related legislation, intended to empower the authorities' response to the virus.
1/2: Public information: GDPR does not inhibit use of data for coronavirus response. GDPR has a clause excepting work in the overwhelming public interest. No one should constrain work on responding to coronavirus due to data protection laws.— Matt Hancock (@MattHancock) March 18, 2020
It includes enabling more phone and video hearings in court cases, and powers to enable police and immigration officers to enforce public health measures, including detention and isolation "if necessary to protect public health".
It also introduces statutory sick pay from day one for people forced into self-isolation and enabling small businesses to reclaim statutory sick pay from HMRC.
"The new measures we will be introducing in the Emergency Coronavirus Bill this week will only be used when it is absolutely necessary and must be timed to maximise their effectiveness," said Hancock.
Hancock's GDPR statement follows on from advice issued last week by the Information Commissioner's Office (ICO).
"Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing.
"Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health."
The ICO, the statement continued, "is a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern". It added: "Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency."
Last week, Prime Minister Boris Johnson called on the technology sector to play its part in the fight against COVID-19, the official designation of the coronavirus outbreak, with a "digital Dunkirk". The global threat posed by COVID-19, however, hasn't stopped state-linked APTs from trying to exploit it.
QRANGE is working on a three devices to extend the benefits of true randomness
Eighty-five per cent of Microsoft Exchange Servers vulnerable to remote-code execution security flaw patched last month
Organisations warned to patch protect against CVE-2020-0688 as state-backed APTs start targeting vulnerable Exchange Servers
Brave describes Google's privacy policies as 'hopelessly vague and unspecific'
The deadly virus has already killed more over 6,300 people worldwide
Malwarebytes claims Pakistan state-sponsored group is using a fake Indian government advisory to spread remote-access Trojan