This section of the GPA COVID-19 Response Repository features information on the new temporary Working Group on COVID-19 Related Privacy and Data Protection Issues. Here you’ll find regular updates on progress and information on initiatives for the GPA Membership community and wider audience.
Compendium of Best Practices in Response to COVID-19
At the Close Session of the 42nd Global Privacy Assembly conference, the Compendium of Best Practices in Response to COVID-19 (Part I) was presented by the Office of the Privacy Commissioner for Personal Data, Hong Kong, China (PCPD). It was one of the deliverables of the GPA COVID-19 Taskforce (predecessor of the COVID-19 Working Group).
The Compendium (Part I) contains relevant experience and cases of best practices of privacy protection contributed by 32 GPA members and observers through a survey conducted by the PCPD in August and September 2020, in relation to the following five topics:
- Contact tracing and location tracking
- Sharing of health data with health authorities and institutions
- Sharing of health data with law enforcement agencies
- Sharing of health data with charitable or other similar organisations
- Handling of employee data in work-from-home / return-to-work situations
As a continuation of Part I, at the Closed Session of the 43rd Global Privacy Assembly conference, the PCPD (as the lead of the Working Group’s sub-group 1 on emerging issues) presented the Part II of the Compendium of Best Practices in Response to COVID-19 to GPA members.
The Compendium (Part II) contains relevant experience and cases of best practices of privacy protection contributed by 32 GPA members and observers through a survey conducted by the PCPD in June and July 2021, in relation to the following four topics:
- Health passports
- Health monitoring of incoming travellers and returning nationals
- Contact tracing measures
- Handling of children’s or students’ data in e-learning technologies
The Working Group hopes that both parts of the Compendium will serve a good reference for the protection of privacy on the road to recovery from the pandemic.
Please see Compendiums below:
- Compendium of Best Practices in Response to COVID-19 (Part I)
- Compendium of Best Practices in Response to COVID-19 (Part II)
Roundtable – ‘Summary of COVID-19 Lessons Learned’
On August 24 2021, leaders of the Working Group’s sub-group 2 on Regulatory capacity building – regulators from the Dubai International Financial Centre Authority (DIFC) and the Jersey Information Commissioner’s Office – and the Centre for Information Policy Leadership (CIPL), held a Roundtable ‘Summary of COVID-19 Lessons Learned’.
This Roundtable looked back at how regulators and organisations handled the data use and privacy aspects of responding to the pandemic, as well as discussing key lessons learned from this experience and what it means moving forward.
The objectives for the Roundtable were focused on identifying the most common issues. The regulators from the DIFC and Jersey also presented the key findings of a recent study by the Global Privacy Assembly COVID-19 Working Group.
Please see the related documents below:
- GPA C-19 Roundtable Summary – Lessons Learned and the New Future
- GPA C-19 WG and CIPL – Lessons Learned
- COVID 19 regulatory capacity survey results – final WG2 report
GPA Executive Committee Joint Statement
On 31 March 2021 the GPA Executive Committee published the Joint Statement on the use of health data for domestic and international travel purposes.
This Joint Statement was proposed to the Executive Committee by Privacy Commissioner Raymund Enriquez Liboro, National Privacy Commission (NPC), Philippines, Chair of the GPA Working Group on COVID-19 related privacy and data protection issues, and drafted in collaboration with the working group members.
This landmark document, marks the first GPA Executive Committee Joint Statement published using the Joint Statement on emerging issues mechanism adopted by Resolution at the 42nd GPA 2020 Closed Session. The GPA effectively came together with a single voice on the COVID-19 pandemic’s issues of serious global common concern, and will be using such joint statements to give its common view on other emerging issues, COVID-19-focussed or otherwise, as they arise.
Privacy Commissioner, Raymund Enriquez Liboro, NPC, Philippines, Chair of the GPA COVID-19 Working Group commented:
“New modes of contact tracing are currently at play in domestic and international travel. As with all new technologies that involve sensitive data, comprehensive scrutiny must be done. Until then, maximum caution must be adopted and an openness to adopt new other measures must remain.
“The GPA issues this joint statement to help governments and businesses create and implement policy and technology standards that are one with the personal data protection and privacy principles of effectiveness, proportionality and necessity.”
While countries are still grappling with the impact of the COVID-19 pandemic, data protection and privacy authorities across the world are faced with a fundamental question: how can we enable governments’ responses to the pandemic and subsequent recovery while continuing to protect citizens’ personal data and privacy?
On 15 October 2020, at the 42nd GPA 2020 Conference, the GPA Membership adopted the Resolution on the Privacy and Data Protection Challenges arising from the COVID-19 Pandemic [ES] [FR], which established a new temporary Working Group with an initial mandate of one year.
The Working Group on COVID-19 Related Privacy and Data Protection Issues will continue the work of the GPA COVID-19 Taskforce to build and strengthen our collective capacity in responding to data protection and privacy issues arising from the COVID-19 pandemic, by:
- Considering, making recommendations for and coordinating the GPA’s responses on privacy and data protection issues arising in the context of the COVID-19 pandemic and the road to recovery, particularly those issues and priorities identified through the 2021 GPA COVID-19 survey;
- Engaging with GPA members and observers with a view to keeping the Compendium of Best Practices updated as new privacy and data protection issues emerge as part of the ongoing COVID-19 recovery response;
- Collaborating with relevant international organizations, networks and privacy advocates in strengthening the capacity of GPA members and observers and sharing of information on the other pressing issues identified through the 2021 GPA COVID-19 survey; and
- Reporting on the progress of the Working Group, and the scope of any related considerations for future working arrangements, to the 2021 GPA Closed Session.
COVID-19 Working Group Chair
Raymund Liboro, Privacy Commissioner of the Philippines National Privacy Commission, is the Chair of the Working Group on COVID-19 related Privacy and Data Protection issues. Commissioner Liboro also chaired the COVID-19 Taskforce which has now completed its activity.
Find out more about the achievements of the GPA COVID-19 Taskforce 2020.
GPA Membership of the Working Group
Members of the Working Group on COVID-19 related Privacy and Data Protection Issues includes representatives from both GPA Members and Observers from the following countries and organisations:
Australia, Belgium, Burkina Faso, Canada, Council of Europe, Dubai International Financial Centre Authority, EU Fundamental Rights Agency, European Data Protection Supervisor, Gabon, Georgia, Germany, Hong Kong, International Committee of the Red Cross, Ireland, Israel, Italy, Ivory Coast, Japan, Jersey, Macao, Mauritius, Mexico, New Zealand, OECD Data Governance and Privacy Unit, Peru, Philippines, Republic of Korea, San Marino, Senegal, Switzerland, Turkey, United Kingdom, UN Global Pulse, Uruguay, US Federal Trade Commission.