Information on social media monitoring for epidemic intelligence purposes (including manual monitoring)
ECDC monitors social media for epidemic intelligence purposes. This is done by monitoring a list of predefined users using Epidemic Intelligence from Open Sources (EIOS) and monitoring a list of predefined users on social media platforms.
Processing also includes manual monitoring of sources and uploading content to EpiPulse, ECDC’s surveillance platform, and including certain data in reports.
Details on why, how and under which basis ECDC conducts social media monitoring for epidemic intelligence purposes are available in this internal procedure.
You are invited to check your social media account to check if ECDC is one of your followers, as the following information is relevant for you.
Who is responsible for processing of your personal data in this context?
The European Centre for Disease Prevention and Control (ECDC) is the data controller for the processing operation.
You can contact the controller at epidemic.intelligence@ecdc.europa.eu or by post at the following address:
European Centre for Disease Prevention and Control (ECDC)
171 83 Stockholm
Sweden
You can contact the Data Protection Officer of ECDC at dpo@ecdc.europa.eu
What are the purposes of the processing, and what is the legal basis?
Social media is one of the sources that ECDC monitors for epidemiological surveillance purposes.
The legal basis for the processing operation stems from art. 5(1) of Regulation 2018/1725 in combination with art. 3 of Regulation 851/2004.
What personal data does ECDC process and what is the source of the data?
The personal data processed by ECDC consists in identity and affiliation of social media users monitored by ECDC, as well as the content (opinion) in social media posts by the users.
The personal data processed by ECDC in the context of social media monitoring comes from publicly available sources. Data has been made public by the respective social media user.
In the context of this processing activity, ECDC does not process any personal data of data subjects that are patients of a disease under surveillance.
Who has access to your personal data and to whom are data disclosed?
Personal data are included in the EpiPulse platform, where data are available to EpiPulse users, and in ECDC’s Communicable Disease Threats reports.
For how long does ECDC process the data?
When personal data consists of links to social media posts, if a social media user cancel the respective post, ECDC will automatically stop processing the respective personal data.
When updating an event, ECDC checks if links to personal data included in social media content is still relevant for the original purpose of epidemiologic intelligence. If not, the link is removed. If the content in a social media post is still relevant, the link is kept.
ECDC reviews the relevance of links every six months.
What are your rights regarding your personal data?
As the individual to whom the personal data relate, you can exercise the following rights:
- access to your personal data under Article 17 of Regulation (EU) 2018/1725;
- rectify your personal data under Article 18 of Regulation (EU) 2018/1725;
- erase your personal data under Article 19 of Regulation (EU) 2018/1725;
- restrict the processing concerning yourself under Article 20 of Regulation (EU) 2018/1725; or
- exercise the right to data portability under Article 22 of Regulation (EU) 2018/1725.
Please note that these rights are not absolute rights, which means that some exceptions may apply. Please also note that, in certain cases, as provided in Article 25 of Regulation (EU) 2018/1725, restrictions of data subjects’ rights may apply. These restrictions are applied on a case-by-case basis.
Who can you contact in case of further questions or to complain about the processing of your personal data?
If you have questions on how your personal data is being processed, you can contact the Epidemic Intelligence Group of ECDC at epidemic.intelligence@ecdc.europa.eu or the Data Protection Officer of ECDC at dpo@ecdc.europa.eu.
If you think that your personal data is processed unlawfully, you can lodge a complaint with the European Data Protection Supervisor.