COVID-19

In order to combat the proliferation of COVID-1, several EU Member States have strongly recommended or required that employees engage in teleworking, rather than attend work as normal. In this context, the European Union Agency for Cybersecurity (“ENISA”), on March 15, 2020, issued its “top tips for cybersecurity when working remotely”. Some data protection Supervisory

In response to the drastic increase of U.S. employees working remotely, the U.S. Federal Trade Commission (“FTC”) and the U.S. National Institute of Standards and Technology (“NIST”) have both issued guidance for employers and employees on best practices for teleworking securely.  In addition, the Cybersecurity and Infrastructure Security Agency (“CISA”) has provided advice on identifying essential workers, including IT and cybersecurity personnel, in critical infrastructure sectors that should maintain normal work schedules if possible.  Each set of guidance is discussed in further detail below.
Continue Reading COVID-19 Cybersecurity Advice: FTC, NIST, and CISA Release Guidance on Secure Teleworking and Critical Infrastructure Jobs

As scientists work around the clock to gain insights into the Corona virus and how to fight it, public and private-sector stakeholders are in discussions to promote the rapid exchange of scientific data. During these discussions, the GDPR acronym inevitably rears its head and casts doubt over what is lawful. The GDPR and national data

On March 17, 2020, the Executive Committee of the Global Privacy Assembly (“GPA”) issued a statement on data protection in the context of the COVID-19 pandemic. The GPA is an entity representing data protection and privacy regulators around the globe, formerly known as the International Conference of Data Protection and Privacy Commissioners (“ICDPPC”).

The GPA

On March 14, 2020, the Italian Government and several trade unions have signed a protocol, which establishes specific procedures for fighting COVID-19 in the workplace.

The protocol also includes provisions on the processing of personal data of employees.  In particular, it provides that employers may subject their employees to pro-active body temperature controls before

Over the past several days, Germany Supervisory Authorities and health authorities have issued statements and guidance about the handling of personal data in the context of the ongoing COVID-19 pandemic.  In this blog, we consider some these statements in greater detail, as well as their implications for employers and employees.
Continue Reading German Authorities Issue Guidance Related to Coronavirus

On March 16, 2020, the Chair of the European Data Protection Board (“EDPB”), Andrea Jelinek, issued a statement on the processing of personal data in the context of the COVID-19 outbreak.

The statement made clear that EU data protection law does not stand in the way of the adoption of measures to fight against the Coronavirus pandemic.  However, it stressed that controllers (including employers), as well as governments, should be mindful of a number considerations when adopting measures to fight the pandemic that involve the processing of personal data.Continue Reading EDPB Chair Issues Statement on Data Protection and COVID-19

On March 13, 2020, the Belgian data protection authority (“APD”) issued guidance on data protection and COVID-19. The guidance is mainly aimed at employers processing personal data of employees in the context of the measures they have taken to contain the spreading of COVID-19.

The guidance is divided in the following three parts:

  • legal basis for processing data;
  • other data protection principles; and
  • frequently asked questions about the processing of employee health data by employers.

Continue Reading Belgian Supervisory Authority Issues Guidance on Data Protection and Coronavirus

On March 10, 2020, the Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”) issued guidance on data protection and COVID-19. The NAIH highlights that controllers processing personal data in the context of their efforts to prevent the spread of COVID-19 must comply with the GDPR as well as Hungarian data protection law. The guidance applies to public and private organisations, their employees and contractors, as well as other third parties (e.g. clients, visitors). The NAIH emphasises that any kind of data processing under the current circumstances has to adhere to the principles of the GDPR, especially that of accountability.
Continue Reading Hungarian Supervisory Authority Issues Guidance on Data Protection and Coronavirus

On March 12, 2020, the Spanish Supervisor Authority (“AEDP”) issued a statement and a report on data protection and COVID-19. The AEPD highlights that controllers processing personal data in the context of their effort to prevent COVID-19 must comply with the GDPR, the Spanish Data Protection Law and the Spanish sectorial health laws. However, the AEPD underlines that these laws do not stand in the way of addressing the challenges posed by the COVID-19 epidemic.
Continue Reading Spanish Supervisory Authority Issues Statement on Data Protection and Coronavirus