Outbreak of the coronavirus and personal data privacy
The fast-spreading coronavirus (Covid-19) has infected thousands of people in China and in over 20 other countries. This coronavirus outbreak, originating in Wuhan, a large city located in the central region of China, has been declared a Public Health Emergency of International Concern (PHEIC) by the World Health Organization.
In fighting against the outbreak of this new coronavirus, Chinese authorities at all levels have, in addition to providing emergency medical support to those affected by the virus, imposed quarantines and restricted travel and outdoor activities. In order to control the outbreak and track the spread of the virus, Chinese health authorities and other stakeholders ranging from airlines, rail operators and property management companies have collected a large amount of personal data, including data on individuals who have recently travelled to Wuhan or who have been in contact with those who have developed symptoms of infection. There have been several data breach incidents which have given rise to concerns over privacy and potential discrimination against people from Wuhan and Hubei Province.
In response to these concerns, the National Health Commission of China issued a notice on February 3, 2020 outlining the personal data protection requirements in the context of the prevention and control of Covid-19. In addition, on February 4, 2020, the PRC Cyberspace Administration of China (CAC) (the key Chinese regulator on cybersecurity and data privacy) issued the“Circular on Ensuring Effective Personal Information Protection and Utilization of Big Data to Support Joint Efforts for Epidemic Prevention and Control” (CAC Circular) to provide detailed guidance on protecting personal data in the current circumstances.