Privacy of personal information is a protected human right both under the international human rights and the Saudi Arabian constitution (Basic Law of Governments) and other statutes and regulations, subject to so exceptions that include protecting public health. The COVID-19 pandemic has challenged and overwhelmed the status quo in every human sphere, including the conventional surveillance of infectious diseases, contact tracing, isolation, reporting and vaccination while simultaneously protecting the privacy of personal data. The pandemic had led national governments, institutions and agencies to adopt mobile applications for collecting, analysing, managing and sharing critical personal data of individuals infected with or exposed to COVID-19. These data may be centralized at a central database, or localized in individuals’ phones. While the benefits of sharing private information for achieving public health needs may not be disputed, the risk of breach of personal privacy is, also, enormous. Consequently, it forced the national governments into a dilemma of either succumbing to public health needs, or strictly respecting and protecting the privacy of individuals, or balancing the two conflicting demands. There is a massive body of literature on the security and privacy of such mobile applications, but none has adequately explored and discussed the public interest justifications under the Saudi Arabian laws for the alleged privacy breaches. This paper explored the COVID-19 surveillance mobile app technologies in use in Saudi Arabia for their potential risks of data breaches under the prevailing data protection laws and regulations with a view to understanding if such breaches are obligated, allowed, or justified under the laws. Our findings suggest that any potential risk of a breach to the individuals’ privacy of personal information under the law would seem to have been properly balanced against (justified by) the public health needs to protect the society during the COVID-19 pandemic.