Hunton Andrews Kurth writes:
On May 25 and May 26, 2020 respectively, the Belgian Data Protection Authority (the “Belgian DPA”) published two opinions on draft laws introducing COVID-19-related tracking initiatives: (1) the Opinion 42/2020 on the draft law for the creation of a database by Sciensano, a public health institution (“Opinion 42/2020”), and (2) the Opinion 43/2020 on the draft law for the use of contact tracing apps to fight the spread of COVID-19 (“Opinion 43/2020”).
The Belgian DPA had already issued critical opinions (Opinions 34/2020 and 36/2020, available in French) in April regarding draft Royal Decrees introducing similar initiatives by Sciensano that involved the use of tracing apps and the creation of a database for COVID-19 tracking.
According to the Belgian DPA, the public health institution had failed to demonstrate that the infringements on the private lives of individuals were necessary and proportionate to the purposes of preventing the spread of COVID-19, and the implementation of a contact tracing app was allowed only if it constituted the least intrusive measure to achieve this purpose.
Read more on Privacy & Information Security Law Blog.