Appeal of the European Academy for Freedom of Information and Data Protection: Corona – Fight the pandemic, protect civil rights and data protection!

Berlin, 26 March 2020

The containment of infections with the novel coronavirus is an unprecedented challenge for democratic societies in terms of its scale and globality. They must face the pandemic and its consequences with determination while preserving their fundamental values. Another cause for concern, however, is the uncertainty in the application of data protection rules.

Time and again these days there are demands that data protection and civil rights should take second place to infection control. All over the world, massive restrictions on the freedom of movement have been introduced. Such measures have been supplemented by various procedures for data collection and monitoring, up to and including total control and complete merging of the most diverse databases. At present, without regard to the constitutional principle of proportionality, in particular the prohibition of excessive measures, almost everything that appears technically possible has been proposed instead of examining what is really suitable and necessary.

We underline: Even in the corona crisis, personal rights remain – in the words of the German Federal Constitutional Court – “an elementary functional condition of a free and democratic society based on the ability of its citizens to act and participate”. They must not be permanently restricted beyond the already existing legal possibilities of intervention, rashly and without the necessary careful consideration, so that the state of emergency becomes the norm. All newly considered measures must be measured against whether they are really targeted and necessary for effective pandemic control and whether they respect the constitutional principle of proportionality. The unilateral pursuit of comprehensive security must not be allowed to interfere with the previous social consensus on the value-setting significance of civil liberties and personal rights in such a way that there is a long-lasting shift in favour of state surveillance and at the expense of free and unobserved action, movement and communication by citizens. A time limit on new legal powers (sunset clauses) and their independent evaluation is essential in order to be able to properly assess their suitability and necessity for the future.

Citizens legitimately expect all parties involved to provide information for the prevention and control of the pandemic. However, this also goes hand in hand with the unconditional duty of those responsible to handle personal data with care.

The right of the individual to the protection of his personal data – especially as far as health data are concerned – is not at the disposal of the legislator or the controller, even and especially in times of crisis, for good reason.  At the same time, when interpreting data protection law, the vital or health-related interests of individuals and society must be taken into account. In this case, the law assigns to the data controller the duty to balance the interests involved in an appropriate manner.

This pandemic poses a threat. The personal data necessary to combat it and to ensure the functioning of public health care may be processed in order to protect vital interests. In the case of public bodies, doctors and medical institutions charged with combating the pandemic, data processing is carried out in accordance with the German Protection Against Infection Act. The EU General Data Protection Regulation (GDPR) allows companies to process personal data as a so-called “legitimate interest”, insofar as this is necessary to protect the health and lives of their employees and customers or to maintain operations.

All organisations involved should be aware of the ensuing responsibility for the protection of such data, without preventing or delaying the necessary decisions.

Data protection demands data minimisation, ensuring that data is used for specific purposes only and that measures and any new legal powers are clearly limited in time. In the crisis, information and communication technology shows its potential as well as its limits.

The signatories refer to the principles and guidelines on data protection in the Corona crisis published by the data protection authorities and are committed to updating them in the light of current developments and making them directly available to users.

Gerhart Baum, Lawyer, Former Federal Minister for Interior

Hartmut Bäumer, Chairman, Transparency International Germany

Dr. Stefan Brink, State Commissioner for Data Protection and Freedom of Information, Baden-Württemberg

Prof. Dr. Franziska Boehm, Karlsruhe Institute of Technology/FIZ Karlsruhe, Leibniz Institute for Information Infrastructure

Prof. Dr. Alfred Büllesbach, University of Bremen, Former Group Privacy Officer and State Commissioner for Data Protection of the Free Hanseatic City of Bremen (retired)

Ann Cavoukian, Ph.D., LL.D. (Hon.), M.S.M. Executive Director, Global Privacy & Security by Design Centre, Canada

Prof. Dr. Mark D. Cole, University of Luxembourg and Scientific Director of the Institute for European Media Law, Saarbrücken

Malcolm Crompton, Founder & Lead Privacy Advisor at Information Integrity Solutions Pty Ltd; former Privacy Commissioner of Australia

Prof. Dr. Herta Däubler-Gmelin, lawyer, Former Federal Minister of Justice

Dr. Alexander Dix, Former Berlin Commissioner for Data Protection and Freedom of Information

Dr. Rob van Eijk, Future of Privacy Forum and ex Dutch DPA, Brussels

Prof. David Harris Flaherty, privacy and information policy consultant; former information and privacy commissioner for British Columbia, Canada

Prof. Dr. Gloria González Fuster, Law, Science, Technology & Society (LSTS), Vrije Universiteit Brussel (VUB)

Prof. Dr. Dr. Hansjürgen Garstka, Former Berlin Commissioner for Data Protection and Freedom of Information

Marie Georges, Independent international  DP expert, ex at French DPA, Paris

Maria da Graça Canto Moniz, Assistant Professor at University Lusófona, Portugal

Prof. Dr. Max von Grafenstein, LL.M., Professor “Digital Self-Determination” at the Einstein Center Digital Future (University of the Arts), Co-Head “Data, Actors, Infrastructure” at the Alexander von Humboldt Institute for Internet and Society, Berlin

Marit Hansen, State Commissioner for Data Protection and Freedom of Information, Schleswig-Holstein

Dagmar Hartge, The State Commissioner for Data Protection
and for the right of access to files, Brandenburg

Prof. Dr. Dr. h.c. Dirk Helbing, Computational Social Science, ETH Zurich / TU Delft / Complexity Science Hub Vienna

Prof. dr. Paul De Hert, Vrije Universiteit Brussel, VUB – Tilburg University, TILT
Vice-Dean Faculty Law & Criminology VUB

Dr. Gus Hosein, Privacy International, London

Peter Hustinx, Former European Data Protection Supervisor

Rikke Frank Jørgensen, Senior Researcher, Danish Institute for Human Rights

Prof. Ulrich Kelber, The Federal Commissioner for Data Protection and Freedom of Information, Bonn

Dr. Dennis-Kenji Kipker, University of Bremen

Jacob Kohnstamm, Former Chair of the Dutch Data Protection Aurhority and chair of Article 29 Working Party, Amsterdam

Douwe Korff, Emeritus Professor of International Law, London Metropolitan UniversityAssociate, Oxford Martin School, Oxford University

Prof. Christopher Kuner, Co-Chair, Brussels Privacy Hub, VUB Brussels

Sabine Leutheusser-Schnarrenberger, Former Federal Minister of Justice, Deputy Chair of the Friedrich Naumann Foundation, Germany

David Loukidelis QC, former Information and Privacy Commissioner for British Columbia and former Deputy Minister of Justice for British Columbia

Jan Mönikes, Lawyer and author

Klaus Müller, Chairman, Federation of German Consumer Organisations, Berlin

Karsten Neumann, Former State Commissioner for Data Protection and Freedom of Information Mecklenburg-Vorpommern

Dr. Karel Neuwirt, Former Data Protection Commissioner for the Czech Republic, Prague / External Data Protection teacher, University of South Bohemia in Ceske Budejovice, the Czech Republic

Dr. Christoph Partsch, Lawyer, Partsch & Partner, Berlin

Prof. Dr. Thomas Petri, The Bavarian State Commissioner for Data Protection

Francesco Pizzetti, Former President of Italian data protection Authority and professor emeritus of Costitutional law at the University of Turin

Dr. Nataša Pirc Musar, Law Firm Pirc Musar & Lemut Strle, former slovenian Information Commissioner

Dr. Jörg Pohle, Alexander von Humboldt Institute for Internet and Society, Berlin

Yves Poullet, Professor emeritus University of Namur, Prof. associate Catholic University of Lille, Member of the Royal Academy of Belgium

Marc Rotenberg, President, Electronic Privacy Information Center (EPIC), Washington D.C.

Peter Schaar, Former Federal Commissioner for Data Protection and Freedom of Information, Germany

Sebastian Schweda, Lawyer, Bonn

Dr. Imke Sommer, State Commissioner for Data Protection and Freedom of Information of the Free Hanseatic City of Bremen

Prof. Dr. Indra Spiecker called Döhmann, Goethe Universität Frankfurt a.M., Director Data Protection Research Centre

Prof. Dr. Marie-Theres Tinnefeld, München

Elpida Vamvaka, President, Homo Digitalis, Greece

Dr. Stefan Walz, Former State Commissioner for Data Protection of the Free Hanseatic City of Bremen

Prof. Dr. Harald Welzer, Council for Digital Ecology, Foundation Futurzwei, Berlin

Anke Zimmer-Helfrich, Head of Magazines Law of New Media, Editor-in-Chief Journal for Data Protection, Verlag C.H.Beck

Prof. Dr. Katharina Zweig, TU Kaiserslautern, Director, Algorithm Accountability Labs