As countries begin to ease their coronavirus (COVID-19) restrictions, data protection and privacy authorities across the world are faced with a fundamental question: how can we enable governments’ responses to the pandemic and subsequent recovery whilst continuing to protect citizens’ personal data and privacy?

Recognising this challenge, the GPA Executive Committee convened for an extraordinary meeting on 23 April 2020, during which Committee members agreed to establish a COVID-19 Taskforce 2020 to drive practical responses to privacy issues emerging from the pandemic, as well as to assist its membership with insight, best practices and the delivery of capacity building activities, including through collaboration with relevant GPA networks and stakeholders.

Taskforce Chair

Raymund Liboro, Privacy Commissioner of the Philippines National Privacy Commission and GPA’s Executive Committee member, chaired the GPA COVID-19 Taskforce 2020.

Mr. Liboro said: “We have seen that personal data and technology have become essential in helping governments respond to the COVID-19 pandemic. From contact tracing and location tracking applications, to COVID-19 testing as people start going back to the workplace, data protection and privacy have never been more important.

“Our aim for this Taskforce is to examine current privacy concerns, while finding the right balance between supporting innovation to combat the pandemic and ensuring people’s personal data and information rights are respected. We will draw on the expertise of our membership and stakeholders to provide useful insight on common challenges.”

Taskforce Membership

The GPA COVID-19 2020 Taskforce Membership included representatives from both GPA Members and Observers from the following countries and organisations:

Australia, Burkina Faso, Canada, Council of Europe, Dubai International Financial Centre Authority, EU Fundamental Rights Agency, European Data Protection Supervisor, Gabon, Georgia, Germany, Hong Kong, International Committee of the Red Cross, Ireland, Israel, Japan, Jersey, Korea, Macao, Mauritius, Mexico, New Zealand, OECD Data Governance and Privacy Unit, Peru, Philippines, San Marino, Sweden, Switzerland, Turkey, United Kingdom, UN Global Pulse, Uruguay, US Federal Trade Commission.

Deliverables of the GPA COVID-19 Taskforce 2020

GPA COVID-19 Taskforce Survey Narrative Report – This Survey of GPA members corroborated the fact that data protection and privacy authorities globally are facing similar issues posed by the pandemic; there were 54 respondents. The results provided a good foundation to outline the priority areas for the ‘Compendium of best practices’ presented at the 42nd GPA 2020 Closed Session.

Compendium of Best Practices in Response to COVID-19 – This Compendium collated the relevant experiences and best privacy practices in the context of the COVID-19 pandemic from across the GPA community. This document provides a valuable reference document for data protection and privacy authorities as well as for health authorities, businesses and other stakeholders involved in the implementation of measures aimed at containing the spread of the COVID-19 disease, placing personal data protection and privacy at the forefront of any COVID-19 response programme.

Resolution on the Privacy and Data Protection Challenges arising from the COVID-19 Pandemic [ES] [FR] – This Resolution was adopted on the 15 October 2020 at the 42nd GPA 2020 Closed Session and established a new temporary Working Group (Working Group on COVID-19 related Privacy and Data Protection Issues) with an initial mandate of one year.

GPA COVID-19 Taskforce 2020 Events

The GPA COVID-19 Taskforce 2020 compiled a Matrix of Deliverables, which specified under terms of reference point 3 and 4 for the Taskforce to engage in appropriate outreach to external stakeholders and to develop capacity-building activities. Detailed below are the subsequent events produced:

Referential Documents

For enquiries related to the GPA COVID-19 Taskforce, please email the GPA Secretariat: