Health secretary Matt Hancock: Coronavirus response work covered by exemptions from GDPR
'GDPR has a clause excepting work in the overwhelming public interest', says Secretary of State for Health Matt Hancock
GDPR won't inhibit the data-driven element of the UK's coronavirus response.
That's the message today from Secretary of State for Health and Social Care Matt Hancock, pointing out that the EU directive, which post-Brexit UK has effectively absorbed into national law, contains exceptions regarding "the overwhelming public interest".
In a series of tweets, he said: "GDPR does not inhibit use of data for coronavirus response. GDPR has a clause excepting work in the overwhelming public interest. No one should constrain work on responding to coronavirus due to data protection laws.
"We are all having to give up some of our liberties; rights under GDPR have always been balanced against other public interests."
Hancock's GDPR intervention comes on the same day that the government unveils its coronavirus-related legislation, intended to empower the authorities' response to the virus.
It includes enabling more phone and video hearings in court cases, and powers to enable police and immigration officers to enforce public health measures, including detention and isolation "if necessary to protect public health".
It also introduces statutory sick pay from day one for people forced into self-isolation and enabling small businesses to reclaim statutory sick pay from HMRC.
"The new measures we will be introducing in the Emergency Coronavirus Bill this week will only be used when it is absolutely necessary and must be timed to maximise their effectiveness," said Hancock.
Hancock's GDPR statement follows on from advice issued last week by the Information Commissioner's Office (ICO).
"Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing.
"Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health."
The ICO, the statement continued, "is a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern". It added: "Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency."
Last week, Prime Minister Boris Johnson called on the technology sector to play its part in the fight against COVID-19, the official designation of the coronavirus outbreak, with a "digital Dunkirk". The global threat posed by COVID-19, however, hasn't stopped state-linked APTs from trying to exploit it.