UN expert calls to delete personal data if no longer serves purpose 'post-pandemic'

States should examine issues related to personal data collected and processed by public authorities during COVID-19, a UN expert urged today, calling for the data to be deleted if it no longer serves a purpose "post-pandemic".

In a report to the 52nd session of the Human Rights Council, the UN Special Rapporteur on the right to privacy, Ana Brian Nougrères, recalled various international and regional principles provide guidelines for the proper processing of personal data.

“The challenge for States is to effectively implement the deletion of such sensitive information in accordance with human rights, including the right to privacy,” she said.

The expert said that she aimed to provide guidance to States on how to implement the principles of purpose, deletion, and accountability with respect to the personal data collected on millions of people in the context of the Covid-19 pandemic in a timely manner.

Based on available information, the expert examined the situation in 20 States from various geographic regions. She found that while State policies were in full compliance of informing the public about the purpose of the collection and processing of personal data, very few established transparent mechanisms to verify the deletion or anonymisation of personal data.

“None of them provided for the use of an external audit to certify the effective anonymisation or deletion of personal data,” Ana Brian Nougrères said.

The expert made six key recommendations to States regarding personal data collected during the pandemic:

1. Verify compliance with the principles of purpose;

2. Strengthen accountability;

3. Demonstrate transparency;

4. Proactively implement a risk management system;

5. Reinforce a public culture of ethical use of personal data;

6. Implement a simple and publicly accessible mechanism that allows citizens to verify the use, storage, and deletion of data.