Data protection and Covid-19 – a sporting chance
28 January 2021
At first glance, you may think "who cares? This isn't relevant to me, I'm not a data controller under the Data Protection (Jersey) Law 2018". But, before we lose you by citing a piece of law, we pose two questions:
- how many times have you had to declare whether you had Covid-19 symptoms in the last twelve months?
- have you been able to freely continue your life as you once did since the outbreak?
If, like me, you enjoy sport, I'm sure you have been watching every recent update to see when we may return to our beloved pastimes. But how could this new age of vaccinations, social-distancing and cough etiquette affect us and our own personal data?
Gone are the days where we could simply turn up to a training session after a busy day of work, tog out, train and leave. Instead, for any group activity, and potentially even your own personal fitness session at a gym, the likelihood is that prior to each session, the facilitator will ask you a range of questions before allowing you access to train. Such questions may include – Have you had symptoms of Covid-19 in the last seven days? Have you recently returned from a foreign country? Have you come into contact with any person diagnosed with Covid-19? Or have you been vaccinated?
This isn't an article written to induce fear. But, before we all clamber back to our normal fitness routines in the hope of burning off that Covid bulge it is worth considering the Data Protection (Jersey) Law 2018 (the "Law") and what this could mean to you as you practise your sport.
Under the Law, data must be processed lawfully, fairly and in a transparent manner; it must be limited to what is necessary, be accurate and be kept for no longer than is necessary. A person's medical and indeed vaccine status is defined as "special category data" under the Law and logically, as this information is so sensitive, it must be protected. So when we as data subjects provide our own personal information in response to Covid-19 queries to another third party, that third party is then legally obligated to store, process and protect that information in accordance with the Law. This includes reading, inspecting, storing and erasing it.
In our multi-faceted digital world it has become even harder to keep track of who has, and indeed who stores, our own personal sensitive medical information. Requests for such sensitive data have now become commonplace in almost every aspect of our daily life from travel to work and now sport. So, as the world combines to fight against a common enemy, in the background a range of super databases are also being created which contain our own special category data.
As a result, now is the time for us to be vigilant, cautious and informed as to our rights and responsibilities under the Law.
If you would like any further information, please get in touch with your usual Bedell Cristin contact or one of the contacts listed.
Related Service: Regulatory & Compliance
Partner | Cayman Islands
Partner | GuernseyRead more
Partner | Jersey
Richard Le Liard
Partner | Jersey