Paris, March 24th, 2020 – In a press release available on the CNIL website (click on the image), the French Commission recalls the legal basis which allowed the “Covid-19 Alert” text message to be sent to French citizens on March 17th.
According to Articles 6 and 9 of the Regulation1, to “protect the vital interests” or a “task carried out in the public interest” provide the legal basis making it possible to justify the use of telephone numbers of data subjects for alert purposes.
These concepts are specified2 as follows: “Some types of processing may serve both important grounds of public interest and the vital interests of the data subject as for instance when processing is necessary for humanitarian purposes, including for monitoring epidemics and their spread or in situations of humanitarian emergencies, in particular in situations of natural and man-made disasters”.
Therefore, the processing of data for the purpose of alerting or informing French citizens in the context of the current health crisis is authorised and complies with European provisions.
According to French Law3, electronic communication services have an obligation to forward communications from public authorities intended to warn the public of imminent danger or to mitigate the effects of major disasters. Operators were ordered by the government to broadcast the “Covid-19 Alert” text message to French citizens.
Consequently, no telephone number was transmitted to public authorities.
In some countries, the use of personal data is quite different.
In South Korea, according to the French press ‘LCI’4, the personal data of citizens, collected by video surveillance or directly via their phones, are posted on the “Coronamap” website. These data can thus be consulted by the entire population, making it possible to know the geolocation of individuals carrying the virus, data on the duration of the contamination (less than 24 hours, more than 24 hours, more than 10 days, etc.). If a patient refuses to share their data, they may risk up to 2 years in prison.
In Israel, in order to combat the spread of the virus, the government has taken an emergency measure authorizing the internal security service to immediately collect data of citizens. According to the French journal ‘20 Minutes’5, police will be able to “obtain, without judicial authorization, the location of coronavirus carriers and quarantined persons via telephone operators”.
