COVID-19 & GDPR, a scientist’s opinion
We speak with Anna Odone, Associate Professor of Public Health at the Faculty of Medicine of the University Vita-Salute San Raffaele in Milan. As a consultant physician, responsible for the Unit of Clinical Epidemiology and Health Technology Assessment at San Raffaele Scientific Institute, she is the President of the Digital Health Section of the European Public Health Association (EUPHA).
Which data (medical, personal, location data) are most effective in “stopping” the virus for public health experts?
The current COVID-19 public health emergency has made it clear that the availability and use of digital platforms for data sharing are of fundamental importance to tackle it. I am referring to different types of data, both within and outside the health sector. Digitalised epidemiological, clinical and laboratory data are needed to inform timely and efficient surveillance systems, this is crucial to orient public health action. Similarly, location data are used to explore outbreaks’ distribution and carry out contacts’ tracing. For the first time in history, self-generated data are contributing to the fight against an epidemic: I am thinking for instance about digital participatory surveillance through social media and apps where people actively generate and communicate data to monitor disease trends, identify risk factors or for suspects’ symptoms monitoring. Data digitalisation offers great potential to control outbreaks but my feeling is that preparedness was not in place in every context to maximise its potential.
Would or is this data (be) easily accessible for the researchers, medical teams and public health officials?
The availability and accessibility of this data varies widely in different countries and in different settings. This depends on different normative frameworks, available technical infrastructures, interoperability and also on different cultures across Europe.
Medical teams are using and sharing clinical data to optimise the clinical management of COVID-19 patients in times where uncertainty still exists about which treatments and diagnostic strategies work best. Public health officials are required to collect ‘surveillance data’ and transmit it from the local to the regional, national and international level. The problem is that case definitions and surveillance standards are sometimes not harmonised, therefore making it difficult to interpret and compare figures. In addition, for example in Italy, only a little fraction of data on the COVID-19 epidemic are made available to the wider public health community and to the general population, which limits its use and exploitation for health education and communication purposes, as well as for public health practice and research.
From a research perspective, it is now important to design solid and comprehensive prospective studies to make sure we collect, link and share large sets of clinical, laboratory and personal data which will allow us to understand SARS-CoV-2 so as to contrast its spread in a constructive and collaborative way.
Which tensions with the GDPR might arise when these data are shared and/or processed?
GDPR is often perceived as a complex matter to navigate for public health practitioners and researchers. The best strategy to overcome this issue and to fruitfully manage and share personal data for public health purposes is to “know” GDPR. Next, public health practitioners and researchers need to work hand in hand with data protection officers and GDPR experts who can support us to use data in the best possible way and that its derogations are designed to promote research endeavours and ultimately pursue population wellbeing, even more so during health emergencies. Digital solutions such as mobile data tracking offer useful instruments to enforce control measures against COVID-19 and it is our societal responsibility to demystify GDPR and find a balance between privacy rights and population health.