Text Messages on the Coronavirus Pandemic to Persons Returning from Abroad are Sent Legally in Lithuania


2020 07 14

COVID messages.png

Recently, there have been public concerns about the legality of processing of personal data because of sending text messages on the coronavirus (COVID-19) pandemic by mobile operators informing individuals that they will need to self-isolate for 14-day when returning to Lithuania from abroad.

The State Data Protection Inspectorate in response to this situation and by conducting the monitoring of the application of the General Data Protection Regulation as the personal data protection supervisory authority in Lithuania, applied to Lithuanian companies providing mobile communication services requesting to submit information related to the above-mentioned text messages.

After evaluating the answers received from mobile operators and taking into account the Law on Civil Protection of the Republic of Lithuania, it must be stated that the provisions of the General Data Protection Regulation were not violated when mobile operators sent SMS messages on the mandatory 14-day self-isolation.

Please be reminded that on 6 February 2020, the Government of the Republic of Lithuania adopted Resolution No. 152 on the declaration of a state-level emergency, which declared a state-level emergency due to COVID-19. In this context, mobile operators in cooperation with the competent ministries send text messages to customers of their mobile services returning from foreign countries affected by the virus.

The Law on Civil Protection of the Republic of Lithuania (Article 15(1)(1)) provides that residents, economic entities and other institutions shall have the right to be warned about an imminent or occurring emergency, to receive information about emergency events and how to act during such an emergency.

Thus, considering the above circumstances and the legal acts regulating this situation, it can be concluded that the purpose of sending the above-mentioned text messages by mobile operators, as data controllers, is to provide information and recommendations to Lithuanian citizens returning from regions that were at that time the COVID-19 risk areas. Against this background, the State Data Protection Inspectorate considers that operators have not violated the General Data Protection Regulation by processing the personal data of their customers.