GDPR (Briefly) Blocked Grocers From Accessing Lists Of 'At Risk' People In Need Of Food Packages

The GDPR is a mess. Still. After nearly two years of existence, it hasn't done much to improve the privacy of the millions of Europeans it affects. But it has made big tech companies even more dominant and generated a hell of a lot of collateral damage.

The privacy law was created by regulators bursting with short-sightedness and good intentions. And, if we're honest, a lot of unmitigated hate towards powerful US tech companies. (Hate, let's continue being honest, many of these companies did little to mitigate.) Transferring the power of privacy back to the people sounds good on paper, but in practice, it results in things like EU regulators violating their own law and, um, trash cans being temporarily removed from post offices because of the personal data they "collected" without permission.

The unintended consequences of the broadly-written law have been discussed here at Techdirt with alarming regularity. Clerical mix-ups have resulted in people accessing other people's personal data. The law has reached across the pond to screw with US court dockets and vanish posts from American search engines. GDPR has even made Christmas more of a logistical nightmare than it usually is.

Now there's this: in the middle of a pandemic, GDPR is preventing food from being delivered to at-risk Europeans self-isolating to prevent exposure to the deadly coronavirus. (Paywall-free link here.)

Supermarkets have been unable to get the names of 1.5 million vulnerable people being shielded from coronavirus to deliver food boxes because of EU data protection rules.

Grocers are waiting for a list of those self isolating for 12 weeks due to underlying health conditions so they can be prioritised for deliveries.

The details were expected to be handed over at the weekend, but insiders said they have been held up because of the European Union's general data protection regulation, which prevents mass sharing of information such as people's names, addresses or emails.

Awesome. They can either eat or have their privacy protected. But not both. And they don't get to choose which option they get. The GDPR has already decided they don't get to eat until the government straightens this out. Multiple major grocers confirmed they had no access to lists of vulnerable residents in need of food assistance.

Fortunately for everyone involved -- especially those considered to be at-risk -- this has been sorted out. One day after the original reporting, supermarkets stated they had finally received the lists previously blocked by the GDPR.

While this is a surprisingly speedy turnaround, the fact is the blocking of at-risk residents' info never should have happened in the first place. While GDPR's goals are (mostly) good, the side effects of mandating broad restrictions on data-gathering and sharing screws with the interoperability of the private and public sectors. In the GDPR's case, it also screws with the interoperability of multiple public entities, making it a nightmare for everyone involved. Good intentions only get you so far. And those good intentions don't mean much when they're undermining the public's health and well-being.