On the compatibility of pandemic data-driven measures with the right to data protection: a review of ‘under-the-radar’ measures adopted in Ireland to contain COVID-19

Abstract

This article reviews the compatibility of ‘under-the-radar’ data-driven measures adopted in Ireland to contain the COVID-19 pandemic with data protection law. Since data protection law implements and gives substance to the right to the protection of personal data enshrined in article 8 of the Charter of Fundamental Rights of the European Union, the article reviews the compatibility of data-driven measures with the applicable law in light of the Charter. The measures reviewed – thermal scanner guns, health self-check forms, Statutory Instruments for contact logging and the Vaccine Information System – appear well-meaning but partly incompatible with the right to data protection. The analysis points to the difficulty of reconciling public health and data protection without a systematic data-processing strategy and concludes with recommendations for right-proofing data-driven measures in the guise of a blueprint strategy for processing personal data for present and future pandemic purposes.