Archives: COVID-19

Subscribe to COVID-19 RSS Feed

Democrats Introduce COVID-19 Privacy Bill That Differs in Key Respects From Republicans’ Proposal

House and Senate Democrats recently unveiled proposed legislation—tentatively titled the “Public Health Emergency Privacy Act”—that would regulate the collection and use of health and location information in connection with efforts to track and limit the spread of COVID-19. Below we describe the proposed Public Health Emergency Privacy Act and how it differs with a separate … Continue Reading

ICO Issues COVID-19 Guidance for Employers

On May 11, 2020, the UK Information Commissioner’s Office (“ICO”) published guidance on how employers should handle data in the event they choose to test their employees for COVID-19. The guidance provides a clear reminder that employers must comply with both the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”), and … Continue Reading

Italian Supervisory Authority Publishes FAQs on Data Protection and COVID-19

On May 6, 2020, the Italian Supervisory Authority (“Garante”) published a list of frequently asked questions (“FAQs”) and answers on data protection and COVID-19 (see here, in English). The FAQs build on and expand guidance previously issued by the Garante (see our blog post here), and take into account recent measures adopted by Italian authorities, such as … Continue Reading

Hungarian Government Suspends GDPR Data Subjects Rights

On May 4, 2020, the Hungarian Government issued a Decree that suspends, during the COVID-19 created state of emergency, the one-month deadline that controllers have under the GDPR to reply to data subject rights requests. The Decree also allows public entities to refuse or suspend freedom of information (“FOIA”) requests in certain situations. The Decree … Continue Reading

European Data Protection Board Issues Guidelines on Processing Personal Data for Scientific Research Related to COVID-19

On April 21, 2020, the European Data Protection Board (“Board”) issued guidelines on the processing of personal data for scientific research related to COVID-19.  The Board indicates that the GDPR takes into account the needs of scientific research and should not be a barrier to conduct such research, while at the same time, it helps … Continue Reading

EDPB Issues New Guidance on the Use of Location Data and Contact Tracing in the Context of the COVID-19 Outbreak

As we anticipated in a previous blog post, on April 22, 2020, the European Data Protection Board (“EDPB”) issued new guidelines on the use of location data and contact tracing apps in the context of the present COVID-19 pandemic. The EDPB’s new guidelines complement and build on similar guidance previously issued by the Board itself … Continue Reading

UK ICO Issues Opinion on Apple-Google Initiative for a Contact Tracing Framework

On April 17, 2020, the UK’s Information Commissioner’s Office (“ICO”) issued an opinion on the recently announced Apple-Google initiative to develop a Bluetooth-based Contact Tracing Framework (“CTF”) to help prevent the spread of COVID-19.  The ICO opinion is generally supportive of the Apple-Google proposal and perceives it to be, at this early phase, aligned with … Continue Reading

EU Commission Releases Guidance on COVID-19 Apps

On 8 April 2020, the European Commission adopted a recommendation on a common European Union toolbox for the use of technology and data to address the COVID-19 crisis (“Recommendation”).  The Recommendation responds to calls for a common EU approach to the use of mobile apps in combatting COVID-19—one that improves the efficacy of the technology … Continue Reading

EDPB will issue data protection guidance on several topics relating to COVID-19

On April 7, 2020, the European Data Protection Board (“EDPB”) announced that it assigned specific mandates to two expert subgroups to prepare guidance on a number of Covid-19 related topics. The list of topics chosen by the EDPB reflects those that have received the closest scrutiny by the national authorities.… Continue Reading

The FTC’s Response to the Coronavirus Pandemic: Consumer Protection Priorities and Initial Actions

The Federal Trade Commission has traditionally responded forcefully to public health and economic crises, and it is doing so again in response to the coronavirus pandemic.  The current crisis does present some additional complications, however, because of its impact on the operations of the agency itself.  Three particular aspects of the FTC’s consumer protection-related response … Continue Reading

HHS Seeks to Facilitate Certain Uses and Disclosures of Health Data to Public Health and Health Oversight Agencies Amidst COVID-19 Nationwide Public Health Emergency

On April 2, 2020, the U.S. Department of Health and Human Services (“HHS”) issued a Notification of Enforcement Discretion (the “Notification”) regarding the disclosure of protected health information (“PHI”) to public health authorities and use of PHI to perform analytics for such authorities.  Designed to “facilitate uses and disclosures for public health and health oversight … Continue Reading

COVID-19 Apps and Websites – The “Pan-European Privacy Preserving Proximity Tracing Initiative” and Guidance by Supervisory Authorities

Pan-European Privacy Preserving Proximity Tracing Initiative According to media sources, an EU consortium led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI) will soon release software code that can be used to create apps that will help track transmission chains of COVID-19.  The Pan-European Privacy Preserving Proximity Tracing (“PEPP-PT”) project comprises more than 130 … Continue Reading

COVID-19 Cybersecurity Advice: FTC and FBI Provide Guidance on Cybersecurity Scam Trends and Preventive Measures

In response to the COVID-19 outbreak, several U.S. government entities have released warnings about a rise in scams and fraudulent activity connected to the outbreak.  In a recent bulletin, the FBI warned of a rise in phishing emails, counterfeit treatments or equipment for COVID-19 preparedness, and fake emails from the Centers for Disease Control and … Continue Reading

Greek Data Protection Authority Issues Guidelines on Data Protection and Coronavirus

On 18 March, 2020, the Hellenic (Greek) Data Protection Authority (“HDPA”) issued guidelines on data protection and COVID-19. With these guidelines, the HDPA aims to provide guidance on the interpretation and application of data protection legislation during the COVID-19 pandemic. In this blog, we summarise the key points included in the HDPA’s guidelines. Categorization of … Continue Reading

HHS Relaxes Enforcement of Certain HIPAA Provisions Amidst COVID-19 Nationwide Public Health Emergency

This month, the U.S. Department of Health and Human Services (“HHS”) issued guidance waiving enforcement of certain provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) in response to the COVID-19 nationwide public health emergency.… Continue Reading

Guidance released by EU Authorities on How to Ensure IT Security when Working Remotely

In order to combat the proliferation of COVID-1, several EU Member States have strongly recommended or required that employees engage in teleworking, rather than attend work as normal. In this context, the European Union Agency for Cybersecurity (“ENISA”), on March 15, 2020, issued its “top tips for cybersecurity when working remotely”. Some data protection Supervisory … Continue Reading

COVID-19 Cybersecurity Advice: FTC, NIST, and CISA Release Guidance on Secure Teleworking and Critical Infrastructure Jobs

In response to the drastic increase of U.S. employees working remotely, the U.S. Federal Trade Commission (“FTC”) and the U.S. National Institute of Standards and Technology (“NIST”) have both issued guidance for employers and employees on best practices for teleworking securely.  In addition, the Cybersecurity and Infrastructure Security Agency (“CISA”) has provided advice on identifying … Continue Reading

COVID-19, Scientific Research and the GDPR – Some Basic Principles

As scientists work around the clock to gain insights into the Corona virus and how to fight it, public and private-sector stakeholders are in discussions to promote the rapid exchange of scientific data. During these discussions, the GDPR acronym inevitably rears its head and casts doubt over what is lawful. The GDPR and national data … Continue Reading

Global Privacy Assembly Issues Statement on COVID-19

On March 17, 2020, the Executive Committee of the Global Privacy Assembly (“GPA”) issued a statement on data protection in the context of the COVID-19 pandemic. The GPA is an entity representing data protection and privacy regulators around the globe, formerly known as the International Conference of Data Protection and Privacy Commissioners (“ICDPPC”). The GPA … Continue Reading

Italian Government and Trade Unions Sign Protocol on Fighting COVID-19 in the Workplace

On March 14, 2020, the Italian Government and several trade unions have signed a protocol, which establishes specific procedures for fighting COVID-19 in the workplace. The protocol also includes provisions on the processing of personal data of employees.  In particular, it provides that employers may subject their employees to pro-active body temperature controls before entering … Continue Reading

German Authorities Issue Guidance Related to Coronavirus

Over the past several days, Germany Supervisory Authorities and health authorities have issued statements and guidance about the handling of personal data in the context of the ongoing COVID-19 pandemic.  In this blog, we consider some these statements in greater detail, as well as their implications for employers and employees.… Continue Reading

EDPB Chair Issues Statement on Data Protection and COVID-19

On March 16, 2020, the Chair of the European Data Protection Board (“EDPB”), Andrea Jelinek, issued a statement on the processing of personal data in the context of the COVID-19 outbreak. The statement made clear that EU data protection law does not stand in the way of the adoption of measures to fight against the Coronavirus pandemic.  However, … Continue Reading

Belgian Supervisory Authority Issues Guidance on Data Protection and Coronavirus

On March 13, 2020, the Belgian data protection authority (“APD”) issued guidance on data protection and COVID-19. The guidance is mainly aimed at employers processing personal data of employees in the context of the measures they have taken to contain the spreading of COVID-19. The guidance is divided in the following three parts: legal basis … Continue Reading
LexBlog