Fighting the pandemic by renouncing our privacy?
Over the past weeks, governments all over the globe are continuously introducing newer and stricter measures in an attempt to slow down the spreading of the new coronavirus (COVID-19). It is becoming increasingly clearer that the battle against the disease will have to be fought collectively and that people will have to renounce ceratain privileges and rights (i.e. public gathering). Does this mean that we will have to renounce our right to privacy and private data protection? Does European privacy legislation really prevent us from fighting the new coronavirus effectively and thus does not have to be respected?
In EU, data privacy is since 25 May 2018 regulated by the General Data Protection Regulation, which saw private data protection become more harmonised and strenghtened. The processing of personal data is henceforth possible only under specific conditions (see Article 6 GDPR), and GDPR provides for a number of safeguards and rights that allow individuals to control and restrict the processing of their personal data. In light of the fight against the spread of the new coronavirus and in view of the practices in some of the countries (especially China and Israel), the question whether GDPR and its strict provisions encumber attempts to curb the spread of the virus and whether, in order to stop the pandemic, protection of personal data should be set aside?
Closer analysis clearly shows that this is not the case. The GDPR already allows for derogation from some stringent provisions when national security issues are at stake. For example, the Recital 16 states that the GDPR does not apply to issues of protection of fundamental rights and freedoms related to activities concerning national security, while Recital 46 explicitly states that personal data processing should be considered lawful where it is necessary to protect public interest and the vital interests of the data subject as for instance when processing is necessary for monitoring epidemics and their spread. Additionally, GDPR allows personal data processing, when it is necessary in order to protect the vital interests of the data subject or of another natural person (Art 6/1(d)) and for the performance of a task carried out in the public interest or in the exercise of official authority (Art 6/1(e)). GDPR provisions even allow processing of special categories of personal data (i.e. data on ethnic origin, genetic data, biometric data etc.) where this is necessary for provision of health or social care or treatment or the management of health or social care systems and services (Art 9/2(h)) or for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health (Art 9/2(i)).
Considering the above, it should be stressed that even national security issues, such as an epidemic, do not justify unlimited processing of personal data. Personal data processing must still be necessary, appropriate and proportionate to the intended purpose and the data should not be kept and processed for any other purposes. This was expressly pointed out by Andrea Jelinek, Chair of the European Data Privacy Board in her statement on 16 March 2020: “Data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic. However, I would like to underline that, even in these exceptional times, the data controller must ensure the protection of the personal data of the data subjects. Therefore, a number of considerations should be taken into account to guarantee the lawful processing of personal data.” This issue was well illustrated also by the situation in Italy, the EU Member State most severely stricken by the coronavirus. Antonello Soro, the president of Italian data protection body, Garante per la Protezione dei Dati Personali reiterated that data on mobile phones’ locations can be used to determine whether people are in fact staying in their homes only, if the data is merely locational and does not reveal other information about individuals.
While current European legislation allows for certain limitations of privacy in times of crisis, not even a virus epidemic, such as the one we are currently witnessing, does not justify unlimited interference into individuals’ privacy.
The Internet Archive is a non-profit organization that maintains the Open Library, a digital library index, and is dedicated to preserving knowledge. As many of the works in the Internet Archive are under copyright, the Archive uses a system of controlled digital lending based on digital rights management to prevent unauthorized downloading or copying of copyrighted books. In March 2020, due to the circumstances surrounding the COVID-19 pandemic, the Internet Archive established the National Emergency Library, eliminating the waiting lists used in the Open Library and expanding access to books for all readers. In June 2020, the Emergency National Library faced a lawsuit from four book publishers and was ultimately closed.
The 43rd session of the WIPO Standing Committee on Copyright and Related Rights (hereinafter SCCR) made substantial progress on the issues advocated by the A2K Coalition (Access to Knowledge Coalition), which IPI is a member of. This year’s session was the most productive on the issues of exceptions and limitations. James Love (Knowledge Ecology International), a long-time observer at WIPO, described the outcome and the impact of the public interest community as the strongest since the conclusion of the Marrakech Treaty, which brought global copyright exceptions for the benefit of the blind and visually impaired.
Today, March 17, 2023, a symposium on law in the information society is taking place in the golden lecture hall of the Faculty of Law in Ljubljana. Dr. Maja Bogataj Jančič will present copyright aspects of artificial intelligence at the symposium.
The third day of the 43rd session of the WIPO Standing Committee on Copyright and Related Rights is intended for discussion on the topic of exceptions and limitations to copyright, especially in connection with the right to research.