During the COVID-19 pandemic, contact-tracing, data sharing, de-anonymisation and re-identification, and the collection of personal data for testing and tracing (e.g., by bars and restaurants) became the widespread practice of governments, health authorities, and commercial enterprises. DPAs’ statutory role as advisers and supervisors regarding these information practices was put to the test. The panel will explore the relations during the pandemic between DPAs and government and scientific/medical advisers, health services, and the conflict between the public interest in data protection and the public interest in health. It will examine whether DPAs could exert their authority as inevitable actors in decision-making concerning the processing of personal data, whether they pressed for the use of Privacy-enhancing or Privacy-by-Design technologies in pandemic control strategies, and whether they have had a say in arbitrating the relationship between information rights and emergency measures.
• Have DPAs been involved in COVID-19 related decision-making?
• Have they been under pressure not to interfere with government and public health solutions?
• If so, how have they responded to this challenge?
• Did data subjects turn to DPAs in COVID-19 related cases?