Scientific research has probably never played a more central, time-sensitive role in our society than during the COVID-19 pandemic. Researchers are being pressed to produce results as quickly as possible. And processing health-related data is a key element of this research—which raises significant questions on how to reconcile privacy and public safety. News articles, LinkedIn posts, and Tweets highlight concerns around the tradeoff between, for example, privacy and health, privacy and public interest, and privacy and safety, with privacy regimes being depicted as obstacles to overcome in the fight against COVID-19.

On April 21, 2020, the European Data Protection Board (the “EDPB”) issued its “Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak” (the “Guidelines”). The EDPB states that “[d]ata protection rules (such as the GDPR) do not hinder measures taken in the fight against the COVID-19 pandemic.” The Guidelines’ main objective is to shed some light on this statement. The Guidelines also provide some direction on which are the relevant GDPR (European General Data Protection Regulation) provisions to take into account when conducting scientific research in the context of the COVID-19 pandemic.

Continue reading.