Someone says “the need is an excuse for human freedom breach”. This can happen during the covid-19. This is an example of what happens in Hungary. The Hungarian Government with the decree 179/2020 has suspended all the personal information and deletions rights so also the right to present a claim or see your right been protected by the National Data Protection and Freedom of Information Authority. This will happen until the emercency alerts stop, this deadline was not included into the Decree text 40/2020 (Hungarian statutory provision). Talking about this theme, with the declaration that was adopted the last 2 of June, the European Data Protection Board EDPB emphasized that GDPR is still applicable also in emergency conditions.
The EDPB stated also that the data protection legislations application permits an efficient answer to the pandemic period by protecting fundamentals rights and freedoms.
Recalling the article 23 of the GDPR, the EPDB stated that also in epidemic conditions le measures must be applicable, from the respect of fundamental rights and freedoms in personal data protection theme. Moreover, the careful reader does not escape that the Recital 73 GDPR limits the limitations to the discipline for the protection of personal data: the same must be in compliance with the Charter of Fundamental Rights of the European Union (Article 8: Protection of Personal Data) and the European Convention on Human Rights (Article 8: Protection of Private and Family Life). In any case, any restrictions on the exercise of rights and freedoms must, however, respect the essential content of those rights and freedoms, all in accordance with the principle of proportionality (Article 52 Charter).
Not by accident, the EDPB underlined that the general restrictions, not in compliance with proportionality principle can not be considered as legitimate, regardless of the scope marked by Article 23 Gdpr. On the other hand, the restrictions that must be considered as legitimate should be adopted by every single member state by a legislation which sets out clearly the restriction context, including a deadline for these emergency restrictions.
In addition the EDPB reminded us how these restrictions must be strictly practical to the public interest, giving note in the legislative instrument of this link. Simply declaring the existence of a state of emergency is not in itself a valid reason to limit the rights of those affected.
During the next few months, EDPB will publish some guidelines on the article 23 of the GDPR. Meanwhile it is better to be guided by a known wording by the Court of Justice: «… Restrictions on the exercise of fundamental rights can be made… as long as these restrictions are in fact for the purposes of the general interest pursued by the Community and are not resolved, given the purpose pursued, in a disproportionate and unacceptable intervention which would affect the same substance as those rights’ (judgment of 13 April 2000, case C-292/97, paragraph 45 of the reasoning).
Afraid or frightened by the pandemic, we are perhaps losing sight of fundamental rights or, according to another key reading, the Covid-19 is becoming the “necessity” on the altar of which to sacrifice fundamental freedoms. That is why, while privacy operators are called upon to criticize some bad legislative choices, institutions are required to be vigilant to prevent this from happening.
SOURCE: FEDERPRIVACY