Harvard Law Today – Urs Gasser explores the risks and benefits of mining data to combat COVID-19: “…Privacy and data protection issues vary greatly depending on the types of data, use cases, and actors involved. And countries around the world have very different baselines and practices in place determining how such rights are protected. European law puts forth the strongest legal protections that also govern the processing of personal data used to fight COVID-19. The European Data Protection Board recently clarified how the EU General Data Protection Regulation and other data protection laws apply to the current situation. With respect to mobile phone data, the ePrivacy Directive requires that such data be anonymized or only shared with the consent of the individual, unless member states introduce specific emergency legislation. Such emergency measures have to put in place adequate safeguards and accountability mechanisms. In the U.S., protections are unfortunately much less robust, given a patchwork of laws that leave open massive privacy gaps. The use of consumer data in the U.S. is largely governed by the privacy policies of the various service providers, affording only limited privacy protections, as the past few decades have taught us the hard way. In my view, the current crisis further demonstrates the urgent need for comprehensive federal privacy legislation…”