1. Comment
April 8, 2020

GDPR compliance to the fore as Europe’s telcos mobilize to halt Covid-19

By GlobalData Technology

Governments across the world are striving to stop the outbreak of Covid-19 and mitigate its effects. Telecom operators can contribute in helping governments reach their goals in these unprecedented circumstances.

Given that mobile penetration rates in many countries exceed 80% of the population, telecom operators are well-positioned to share relevant data analytics – e.g. aggregated and anonymized mobile user location data and population movement analytics – that can help inform governments’ response actions to the crisis.

That said, as per the General Data Protection Regulation (GDPR) in Europe, telcos need to insure mobiles users’ data privacy and protection. They do not have the right to reveal the data of individual mobile users to the government without getting the user consent in most of the cases.

Geolocation data will be anonymized

Spain adopted an official State Order in March, tasking the State Secretary for Digitization and Artificial Intelligence – part of the Ministry of Economy and Digital Transformation – with the development of a for COVID-19 symptoms reporting and initial self-assessment application. The application will also use mobile subscribers’ geolocation data to corroborate the fact that users are located in the autonomous region they have declared they are in.

The Chief Commissioner for the National Police, clarified in March 30th that the user geolocation data will be used in an anonymized fashion, thus, in compliance with GDPR.

Moreover, the order charges the State Secretary of working with Spanish telcos and the National Statistics Institute on the ‘DataCOVID-19’ study.

The study aims at helping the government understand people movement flows and adapt the geographical healthcare capacity accordingly. It involves the collection and analysis of anonymized and aggregated user mobility data during the lockdown, in compliance with the GDPR. For this purpose, the Spanish territory has been divided into 3200 geographical units of 5000 residents each. Data from telcos on the number of mobile terminals present in each geographical unit and its evolution over time will be shared with the Statistics Institute.

Sharing user data will be GDPR compliant

Other European telecom operators have also been taking similar measures in sharing user data in compliance with GDPR.
In Austria, telecom operator A1 is sharing anonymized user mobility data with the government while emphasizing its compliance with GDPR.
In France, Orange, for instance, is sharing anonymized user geolocation data with the National Institute for Medical Research in order to model people movement during the lockdown.

The telco is sharing these data insights in alignment with the GDPR and has reiterated it attachment to this principle.
In Germany, Deutsche Telekom and Telefonica Germany are also providing Germany’s Central Research Institute with aggregated and anonymized users’ mobility data to support projections around COVID-19’s spread. Individual mobile users are not tracked, as thus, GDPR is respected.

Topics in this article: