Appeal of the European Academy for Freedom of Information and Data Protection: Corona – Fight the pandemic, protect civil rights and data protection!
Berlin, 26 March 2020
The containment of infections with the novel coronavirus is an unprecedented challenge for democratic societies in terms of its scale and globality. They must face the pandemic and its consequences with determination while preserving their fundamental values. Another cause for concern, however, is the uncertainty in the application of data protection rules.
Time and again these days there are demands that data protection and civil rights should take second place to infection control. All over the world, massive restrictions on the freedom of movement have been introduced. Such measures have been supplemented by various procedures for data collection and monitoring, up to and including total control and complete merging of the most diverse databases. At present, without regard to the constitutional principle of proportionality, in particular the prohibition of excessive measures, almost everything that appears technically possible has been proposed instead of examining what is really suitable and necessary.
We underline: Even in the corona crisis, personal rights remain – in the words of the German Federal Constitutional Court – “an elementary functional condition of a free and democratic society based on the ability of its citizens to act and participate”. They must not be permanently restricted beyond the already existing legal possibilities of intervention, rashly and without the necessary careful consideration, so that the state of emergency becomes the norm. All newly considered measures must be measured against whether they are really targeted and necessary for effective pandemic control and whether they respect the constitutional principle of proportionality. The unilateral pursuit of comprehensive security must not be allowed to interfere with the previous social consensus on the value-setting significance of civil liberties and personal rights in such a way that there is a long-lasting shift in favour of state surveillance and at the expense of free and unobserved action, movement and communication by citizens. A time limit on new legal powers (sunset clauses) and their independent evaluation is essential in order to be able to properly assess their suitability and necessity for the future.
Citizens legitimately expect all parties involved to provide information for the prevention and control of the pandemic. However, this also goes hand in hand with the unconditional duty of those responsible to handle personal data with care.
The right of the individual to the protection of his personal data – especially as far as health data are concerned – is not at the disposal of the legislator or the controller, even and especially in times of crisis, for good reason. At the same time, when interpreting data protection law, the vital or health-related interests of individuals and society must be taken into account. In this case, the law assigns to the data controller the duty to balance the interests involved in an appropriate manner.
This pandemic poses a threat. The personal data necessary to combat it and to ensure the functioning of public health care may be processed in order to protect vital interests. In the case of public bodies, doctors and medical institutions charged with combating the pandemic, data processing is carried out in accordance with the German Protection Against Infection Act. The EU General Data Protection Regulation (GDPR) allows companies to process personal data as a so-called “legitimate interest”, insofar as this is necessary to protect the health and lives of their employees and customers or to maintain operations.
All organisations involved should be aware of the ensuing responsibility for the protection of such data, without preventing or delaying the necessary decisions.
Data protection demands data minimisation, ensuring that data is used for specific purposes only and that measures and any new legal powers are clearly limited in time. In the crisis, information and communication technology shows its potential as well as its limits.
The signatories refer to the principles and guidelines on data protection in the Corona crisis published by the data protection authorities and are committed to updating them in the light of current developments and making them directly available to users.
Gerhart Baum, Lawyer, Former Federal Minister for Interior
Hartmut Bäumer, Chairman, Transparency International Germany
Dr. Stefan Brink, State Commissioner for Data Protection and Freedom of Information, Baden-Württemberg
Prof. Dr. Franziska Boehm, Karlsruhe Institute of Technology/FIZ Karlsruhe, Leibniz Institute for Information Infrastructure
Prof. Dr. Alfred Büllesbach, University of Bremen, Former Group Privacy Officer and State Commissioner for Data Protection of the Free Hanseatic City of Bremen (retired)
Ann Cavoukian, Ph.D., LL.D. (Hon.), M.S.M. Executive Director, Global Privacy & Security by Design Centre, Canada
Prof. Dr. Mark D. Cole, University of Luxembourg and Scientific Director of the Institute for European Media Law, Saarbrücken
Malcolm Crompton, Founder & Lead Privacy Advisor at Information Integrity Solutions Pty Ltd; former Privacy Commissioner of Australia
Prof. Dr. Herta Däubler-Gmelin, lawyer, Former Federal Minister of Justice
Dr. Alexander Dix, Former Berlin Commissioner for Data Protection and Freedom of Information
Dr. Rob van Eijk, Future of Privacy Forum and ex Dutch DPA, Brussels
Prof. David Harris Flaherty, privacy and information policy consultant; former information and privacy commissioner for British Columbia, Canada
Prof. Dr. Gloria González Fuster, Law, Science, Technology & Society (LSTS), Vrije Universiteit Brussel (VUB)
Prof. Dr. Dr. Hansjürgen Garstka, Former Berlin Commissioner for Data Protection and Freedom of Information
Marie Georges, Independent international DP expert, ex at French DPA, Paris
Maria da Graça Canto Moniz, Assistant Professor at University Lusófona, Portugal
Prof. Dr. Max von Grafenstein, LL.M., Professor “Digital Self-Determination” at the Einstein Center Digital Future (University of the Arts), Co-Head “Data, Actors, Infrastructure” at the Alexander von Humboldt Institute for Internet and Society, Berlin
Marit Hansen, State Commissioner for Data Protection and Freedom of Information, Schleswig-Holstein
Dagmar Hartge, The State Commissioner for Data Protection
and for the right of access to files, Brandenburg
Prof. Dr. Dr. h.c. Dirk Helbing, Computational Social Science, ETH Zurich / TU Delft / Complexity Science Hub Vienna
Prof. dr. Paul De Hert, Vrije Universiteit Brussel, VUB – Tilburg University, TILT
Vice-Dean Faculty Law & Criminology VUB
Dr. Gus Hosein, Privacy International, London
Peter Hustinx, Former European Data Protection Supervisor
Rikke Frank Jørgensen, Senior Researcher, Danish Institute for Human Rights
Prof. Ulrich Kelber, The Federal Commissioner for Data Protection and Freedom of Information, Bonn
Dr. Dennis-Kenji Kipker, University of Bremen
Jacob Kohnstamm, Former Chair of the Dutch Data Protection Aurhority and chair of Article 29 Working Party, Amsterdam
Douwe Korff, Emeritus Professor of International Law, London Metropolitan UniversityAssociate, Oxford Martin School, Oxford University
Prof. Christopher Kuner, Co-Chair, Brussels Privacy Hub, VUB Brussels
Sabine Leutheusser-Schnarrenberger, Former Federal Minister of Justice, Deputy Chair of the Friedrich Naumann Foundation, Germany
David Loukidelis QC, former Information and Privacy Commissioner for British Columbia and former Deputy Minister of Justice for British Columbia
Jan Mönikes, Lawyer and author
Klaus Müller, Chairman, Federation of German Consumer Organisations, Berlin
Karsten Neumann, Former State Commissioner for Data Protection and Freedom of Information Mecklenburg-Vorpommern
Dr. Karel Neuwirt, Former Data Protection Commissioner for the Czech Republic, Prague / External Data Protection teacher, University of South Bohemia in Ceske Budejovice, the Czech Republic
Dr. Christoph Partsch, Lawyer, Partsch & Partner, Berlin
Prof. Dr. Thomas Petri, The Bavarian State Commissioner for Data Protection
Francesco Pizzetti, Former President of Italian data protection Authority and professor emeritus of Costitutional law at the University of Turin
Dr. Nataša Pirc Musar, Law Firm Pirc Musar & Lemut Strle, former slovenian Information Commissioner
Dr. Jörg Pohle, Alexander von Humboldt Institute for Internet and Society, Berlin
Yves Poullet, Professor emeritus University of Namur, Prof. associate Catholic University of Lille, Member of the Royal Academy of Belgium
Marc Rotenberg, President, Electronic Privacy Information Center (EPIC), Washington D.C.
Peter Schaar, Former Federal Commissioner for Data Protection and Freedom of Information, Germany
Sebastian Schweda, Lawyer, Bonn
Dr. Imke Sommer, State Commissioner for Data Protection and Freedom of Information of the Free Hanseatic City of Bremen
Prof. Dr. Indra Spiecker called Döhmann, Goethe Universität Frankfurt a.M., Director Data Protection Research Centre
Prof. Dr. Marie-Theres Tinnefeld, München
Elpida Vamvaka, President, Homo Digitalis, Greece
Dr. Stefan Walz, Former State Commissioner for Data Protection of the Free Hanseatic City of Bremen
Prof. Dr. Harald Welzer, Council for Digital Ecology, Foundation Futurzwei, Berlin
Anke Zimmer-Helfrich, Head of Magazines Law of New Media, Editor-in-Chief Journal for Data Protection, Verlag C.H.Beck
Prof. Dr. Katharina Zweig, TU Kaiserslautern, Director, Algorithm Accountability Labs