The article tackles the issue of personal data protection in case of tracing (looking for) individual persons who have been exposed to health risks pursuant to the EU Decision 1082/2013 on Serious, Cross-border Health Threats. This problem exemplifies just one among many challenges of the health-security nexus in the EU. That is, it regards a certain trade-off between the limitation of individual rights and securing populations’ safety. The text appraises the safeguards for the (lawful) limitation of the right to data protection after an in-depth examination of the provisions of the Health Threats Decision, its implementing measures, the reports on its operation, and in light of the general EU data protection laws. In conclusion, it claims that a number of improvements are needed because of the incompleteness, and the insufficient coherence and transparency of the EU regime for health threats. The established shortcomings are, at least in part, caused by the new EU “integrated approach” to health and security. In effect, an overall philosophy of reforms of public health policy in the name of “all-hazards security” applied in the Health Threats Decision can result in a reduction of the adequate level of protection of individuals’ personal data.