Covid-19 pandemic presents new ethical challenges regarding data protection. The importance of protecting personal data collides with the importance of health research and preserving the public health. Therefore, new guidelines on data protection are necessary.^[1]

New mobile applications developed by governments and private companies can track the citizens’ symptoms, collect, process and share data on individuals in order to limit the virus’ spread.^[1][2] If a user turns out to be positive on COVID-19, the application reports this to the relevant health authorities.^[1]  Some argue that this may be a useful tool to cope with the increasing number of the infected citizens and verifying the population’s fulfilment of isolation and quarantine duties.^[1] A team at Oxford University conducted a study which showed that the number of coronavirus cases and deaths could be reduced if about 60% of the population, or even less, use the digital contact tracing app.^[3] Nevertheless, this practice poses ethical risks and challenges.^[1] Digital tracing applications have been widely criticized because they provide authorities with the possibility of collecting sensitive data in the future, even after the pandemic.^[2] Therefore, the European Data Protection Board (EDPB) stresses the importance of protecting personal data during the pandemic.^[1][2]

With regard to that, new guidelines on data protection and data sharing should meet specific principles. They should rely on a legal basis that would guarantee the lawfulness and transparence of data processing.^[2]

ResearchersPolicy-makersfunding agencies

Data Protection Authorities in the EU and the EDPB have emphasized that data protection rules cannot override the measures implemented to fight against the pandemic.^[1] According to the European Union General Data Protection Regulation (GDPR), “the processing of special categories of personal data may be necessary for reasons of public interest in the areas of public health without consent of the data subject” and “such processing should be subject to suitable and specific measures so as to protect the rights and freedoms of natural persons”.^[2] However, “such processing of data concerning health for reasons of public interest should not result in personal data being processed for other purposes by third parties such as employers or insurance and banking companies”.^[2]

In April 2020 the EDPB has released Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak. The guidelines stated that both consent of the data subject and GDPR can provide legal basis for data processing concerning health in the COVID-19 pandemic.^[3] Apart from that, the EU and the national legislator of each Member State can enact specific laws with regard to that.^[2] Sensitive data such as health data (i.e. data related to the physical or mental health of a person) must have higher protection because processing them could have negative impacts for data subjects.^[3] The guidelines emphasized that principles of transparency, data minimization and storage limitation as well as integrity and confidentiality should be respected.^[3]

These guidelines, however, will keep developing further and in more detail as guidance for the processing of health data for the purpose of scientific research is part of the annual work plan of the EDPB.^[3]

These collected data and guidelines will improve future scientific researches.

However, some improvements could be recommended:

- some of the data could be false positive, which will have a direct impact to the result, and the result will be incorrect. This is something we are trying to avoid in the trials.

- some of the individuals may not be comfortable sharing their personal data, as the pandemic is still going on but with the decreased intensity, we will have to learn to live with the COVID 19.

-data should be stored in a safe place and it could be accessed only by authorized persons