The processing of special categories of personal data may be necessary for reasons of public interest in the areas of public health without consent of the data subject. Such processing should be subject to suitable and specific measures so as to protect the rights and freedoms of natural persons. In that context, ‘public health’ should be interpreted as defined in Regulation (EC) No 1338/2008 of the European Parliament and of the Council(11), namely all elements related to health, namely health status, including morbidity and disability, the determinants having an effect on that health status, health care needs, resources allocated to health care, the provision of, and universal access to, health care as well as health care expenditure and financing, and the causes of mortality. Such processing of data concerning health for reasons of public interest should not result in personal data being processed for other purposes by third parties such as employers or insurance and banking companies.
GDPR Recital EN
Recital 54
Related across sources
Guidance Guidelines 07/2020 on the concepts of controller and processor in the GDPR Guidance Guidelines 01/2022 on data subject rights - Right of access Guidance Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation Guidance Guidelines 05/2020 on consent under Regulation 2016/679 Guidance Guidelines 01/2021 Guidance Guidelines 8/2022 on identifying a controller or processor's lead supervisory authority