Through External Circular No. 001 of March 23, 2020, the Superintendence of Industry and Commerce (SIC) made clear that mobile phone operators and private entities in general have legal grounds to provide to the National Planning Department (DNP), as well as to public entities that so require it, personal data that is necessary to address, prevent, treat and/or control the spread of COVID-19 and mitigate its effects.
The SIC explained that, pursuant to Law 1581 of 2012, consent to process personal data is not required in case of medical or sanitary emergencies, and when public entities require them to perform their duties. In any case, public entities that receive personal data can only use it for the aforementioned purposes.
The SIC stressed that public entities shall adopt the necessary measures to ensure security, restricted circulation and confidentiality of personal data in the context of the emergency raised by COVID-19.