Blog details

Pandemic related data collection halted in Germany

Pandemic related data collection halted in Germany

Hamburg Commissioner for Data Protection and Freedom of Information has announced an end to pandemic related data collection and storage.


Many of the legal measures implemented to contain the coronavirus pandemic have recently come to an end in Hamburg as the hotspot regulation in Hamburg expired on April 30, 2022. While these regulations are being lifted, several obligations and powers to collect personal data are gradually being removed. Companies and public authorities in Hamburg are now expected to stop all pandemic related data collection and are encouraged to use this phase of the pandemic as an opportunity to take stock of their “corona data”. Companies are asked to check their existing databases and delete all data which is considered no longer required. Storing data in the event of a possible future worsening is now considered unnecessary and is no longer possible with the legal basis ceasing to apply.


Employee data which was collected under the 3G rule in Germany is required to be deleted.


The obligation to delete data particularly  applies to all employers who have previously queried the status of their employees under the German “3G rule”. This rule required employees to provide health data, particularly their COVID-19 status with regard to vaccination, recovery, or negative test results. Entertainment centers, like restaurants or cinemas, for example, are also now required to delete any contact data of any guests that may have been recorded in the context of the pandemic. 


The Hamburg Commissioner for Data Protection and Freedom of Information says that special categories of data, collected in the context of the pandemic must now be deleted. 


There has now been an official call to delete all sensitive health data which was collected throughout Germany, in the context of the pandemic now that the regulations which provided the legal basis for the collection and storage of this data has expired. Thomas Fuchs, the Hamburg Commissioner for Data Protection and Freedom of Information was quoted in a recent report, as saying “In the last two years we have experienced an exceptional situation in many respects. Special categories of data were also collected on a large scale. These were significant encroachments on fundamental rights, which can be justified in the context of the pandemic. With the expiry of the legal powers, this collected data must now be deleted. In some cases, we observe attempts to maintain surveillance practices or to retain collected data for other purposes and contingencies. Here it is important to do educational work and, if necessary, to intervene in a supervisory manner.” 

Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.

Prev post
La autoridad de control de Bélgica apercibe a Google
May 12, 2022
Next post
Se detiene en Alemania la recogida de datos relacionados con la pandemia
May 17, 2022

Leave a Comment