Tipologia protec?iei datelor cu caracter personal în situa?ii de criza medicala: coronavirus COVID-19

• Published in: Pandectele române no. 1; pp. 28 - 43
• Main Author: Şandru, Daniel-Mihail
• Format: Journal Article
• Language: Romanian
• Published: Bucharest Wolters Kluwer Romania SRL 01.01.2020
• Subjects: COVID-19; Data integrity; Human rights; Right of privacy
• ISSN: 1582-4756; 2286-0576

Data protection (Art. 8), the right to life (Art. 2), the right to privacy (Art. 8) and the protection of health (Art. 35) are fundamental rights protected by the Charter of Fundamental Rights of the European Union (CDFUE) as well, and by similar or even identical provisions of the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR). The General Data Protection Regulation (GDPR) primarily protects personal data, emphasizing that this right is not absolute (recital 4). On a case-by-case basis, the context of applying special rules regarding personal data of has to be assessed. Data protection in medical crisis situations involves several research directions and typologies in application. First of all, the situation of humanitarian and medical crisis and the restriction of the rights of natural persons, respectively the legislative reaction of the states and organizations, must be taken into account. A critical approach on the „unity in diversity" of the reaction of the member states of the European Union and the European Committee for Data Protection is needed. Secondly, the rights of data subjects as patients or subjects likely to be patients, infected or suspected to be carrying the new SARS-CoV-2 virus (severe acute respiratory syndrome coronavirus 2) must be taken into consideration that triggers COVID-19 disease. Third, the article discusses limiting the rights of individuals in exceptional situations and their application to data protection, including the right to information and the emergence of fake news. Fourth, the relationship between the employee and the employer is modified by establishing procedures for informing the employee, measures to protect him and his protection in relation to the clients, measures that lead to the protection of the other employees and the taking of other technical and organizational measures for data protection. The application of the principles, especially regarding the basis of processing, respectively art. 6 paragraph 1 letter d - „the processing is necessary to protect the vital interests of the data subject or of another natural person" is analyzed in this framework. Fifth, the article addresses data security and the risks associated with using home-based and telework. In conclusions, the need to develop a single guide by the European Data Protection Committee is underlined and references are made to all European Committee guidelines or guidelines or national supervisory authorities as the General Regulation provides few specific interpretation resources. These guidelines are necessary both for the establishment of the operators' actions and for the avoidance of sanctions, the author analyzing the sanctions that refer to the COVID-19 phenomenon or that could involve situations of medical crisis.