356 LEGAL IMPACTS OF COVID-19 IN THE TOURISM INDUSTRY as Big Data. We talk about prediction of future bahaviour of the traveller as well. The risk for data protection and privacy is high. Moreover, there is also the question of how personal data should be handled immediately after the lockdown in the field of tourism. Will it be lawful for managers of tourist facilities, for example, to ask customers if and when they have contracted the coronavirus? How should they handle the information given? There is no answer yet. We will see what the Privacy Authorities will state in the next years. 3. THE RELEVANCE OF THE GENERAL DATA PROTECTION REGULATION The technology used for implementing the phenomenon of STD are based on intensive profiling, that cause concrete risk for privacy and personal data protection, thus requiring a careful analysis of the current regulatory framework. Within Europe, compliance with the General Data Protection Regulation14 (GDPR) has to be considered. Unfortunately, the issue of privacy implications within STD did not receive real attention within legal research so far15. The GDPR defines the activity of profiling in article 4 (“Definitions”) as: “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation health, personal preferences, interests, reliability, behavior, location or movements”. In accordance with article 29 Working Party16, the activity of profiling requires three elements: i. It has to be an automated form of processing; ii. It has to be carried out on personal data17; and 14 EU Regulation 2016/679, which came into effect on 25 May 2018. 15 For some relevant profiles, see M. D. Masseno, C. Santos, Between footprints: balancing environmental sustainability and privacy in smart tourism destinations, in United worls Law Journal, vol 1, 2, 2017, pp. 96-118. 16 The Article 29 Working Party (Art. 29 WP) is the independent European working party that dealt with issues relating to the protection of privacy and personal data until 25 May 2018 (entry into application of the GDPR). All archived news on (Art. 29 WP) can be consulted in: https://ec.europa.eu/newsroom/article29/items. 17 Art. 29 WP on the concept of personal data available in: https://ec.europa.eu/justice/article29/documentation/opinion-recommendation/files/2007/wp136_en.pdf.
RkJQdWJsaXNoZXIy MTE4NzM5Nw==