FantasticSearch

1. The EWRS shall include a selective messaging functionality allowing personal data, including contact and health data, to be communicated only to the national competent authorities involved in contact-tracing measures and medical evacuation procedures. That selective messaging functionality shall be designed and operated so as to ensure safe and lawful processing of personal data and to link with contact-tracing systems at Union level.

2. Where national competent authorities implementing contact-tracing measures or medical evacuation procedures communicate, through the EWRS, personal data necessary for contact-tracing purposes pursuant to Article 19(3), they shall use the selective messaging functionality referred to in paragraph 1 of this Article and communicate the data only to the other Member States involved in the contact-tracing or medical evacuation measures.

3. When communicating the data referred to in paragraph 2, the national competent authorities shall refer to the alert communicated previously through the EWRS.

4. The selective message functionality shall be used solely for the purpose of contact tracing and medical evacuation. It shall only allow national competent authorities to receive data that were sent to them by other national competent authorities. The ECDC shall only access the data required to ensure the proper functioning of the selective message functionality. Messages containing personal data shall automatically be erased from the selective message functionality 14 days after the date of their posting at the latest.

5. Where necessary for the purpose of contact tracing, personal data may also be exchanged using contact-tracing technologies. The national competent authorities shall not retain the contact data and health data received through the selective message functionality for longer than the retention period applicable in the context of their national contact-tracing activities.

6. The Commission shall adopt delegated acts in accordance with Article 31 to supplement this Regulation by establishing:

(a) detailed requirements necessary to ensure that the operation of the EWRS and the processing of data complies with Regulation (EU) 2016/679 and Regulation (EU) 2018/1725, including the respective responsibilities of the national competent authorities and of the ECDC; and (b) a list of the categories of personal data that may be exchanged for the purpose of the coordination of contact-tracing measures.

7. The Commission shall, by means of implementing acts, adopt:

(a) procedures for the interlinking of the EWRS with contact-tracing systems at Union and international levels; and (b) the modalities for processing contact-tracing technologies and their interoperability, as well as the cases where, and the conditions under which, the third countries may be granted access to contact-tracing interoperability and the practical arrangements for such access, in full compliance with Regulation (EU) 2016/679and the applicable case law of the Court of Justice of the European Union. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 29(2).