Covington & Burling LLP


On April 19, 2019, the Department of Health and Human Services (HHS) announced a 30-day extension, until June 3, 2019, to the comment period for two rules proposed by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC).

The CMS proposed rule aims to

On January 12, 2016, the European Court of Human Rights (ECtHR) ruled that an employer who had monitored an employee’s private communications during working hours had not breached the employee’s right to privacy (under Article 8 of the European Convention on Human Rights).

This judgment will influence how other European national courts and regulators view similar cases involving employer monitoring of employee private communications. However, the full scope of the judgement remains somewhat unclear; in particular, it remains unclear whether the ECtHR would apply similar logic if the monitored communications had been carried out through a personal account, rather than a professional one.  Employers should also take note that the judgment emphasizes the need for employer monitoring policies to be reasonable and proportionate.  The judgment is available in full here.
Continue Reading European Court of Human Rights Rules That Employers Can Monitor Employee Private Communications

By Jean de Ruyt and Sebastian Vos

On January 25, 2012, the European Commission presented a proposal for a “Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data”, the “Data Protection Regulation” (DPR). The Commissioner in charge of justice at the time, Viviane Reding, aware of the complexity of the matter, stated jokingly that she hoped a decision on this proposal would at least be reached by the end of her term, i.e. in October 2014.

Reding is now gone, a new EU Commission is in place, but the Council of Ministers has only agreed very recently on a few chapters of the ninety page proposal; “Trilogue” negotiations between the European Parliament, the Council, and the Commission have not even started.  When, recently, the new Commissioner, Vera Jourova, claimed that a final agreement will be reached before the end of 2015, this deadline was seen by experts as wishful thinking, just as all those announced previously by her predecessor.

The Parliament cannot be blamed: on 12 March 2014, just before being dissolved in preparation for the May elections, it endorsed with 621 votes in favor, 10 against and 22 abstentions, the position on the regulation adopted by the LIBE (Civil Liberties, Justice and Home Affairs) Committee. But this vote was seen more as a political move (in the context of the NSA scandal) than a nuanced and balanced approach to the difficult issues at stake. The stronger safeguards inserted, the increased level of fines, and some radical definitions are light years away from the compromises currently discussed in the Council. So even when the Council will have reached a common position (or “general approach”) on the whole text, reconciling this position with the Parliament’s might take a long time – or end up in a deadlock.

Continue Reading The EU data protection regulation after 3 years of negotiation

Recent news that the U.S. Justice Department obtained telephone records for two months covering more than 100 journalists working for the Associated Press has prompted lawmakers to propose new statutes meant to strengthen protections against the kinds of requests that our Jeff Kosseff described as “undermin[ing]” the “entire Fourth Estate.”

Continue Reading New Statutes Proposed in the Wake of AP Spying Scandal

The Article 29 Working Party, comprising data protection authorities from each of the EU Member States and the European Data Protection Supervisor, has reiterated concerns about aspects of Passenger Name Record (PNR) agreements between the EU and the US, Canada and Australia. Under the agreements, airlines must allow authorities in the US, Canada and Australia

The European Commission has proposed a Passenger Name Record Directive that would require airlines to provide EU Member States with data on passengers arriving from, or departing to, countries outside the EU.  Under the proposal, copies of such PNR data held on an airline’s reservation system would be transferred to a dedicated “Passenger Information Unit&rdquo