Updates on developments in data privacy and cybersecurity
On March 14, 2020, the Italian Government and several trade unions have signed a protocol, which establishes specific procedures for fighting COVID-19 in the workplace.
The protocol also includes provisions on the processing of personal data of employees. In particular, it provides that employers may subject their employees to pro-active body temperature controls before…
On March 13, 2020, the Belgian data protection authority (“APD”) issued guidance on data protection and COVID-19. The guidance is mainly aimed at employers processing personal data of employees in the context of the measures they have taken to contain the spreading of COVID-19.
The guidance is divided in the following three parts:
…
Continue Reading Belgian Supervisory Authority Issues Guidance on Data Protection and Coronavirus
On March 10, 2020, the Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”) issued guidance on data protection and COVID-19. The NAIH highlights that controllers processing personal data in the context of their efforts to prevent the spread of COVID-19 must comply with the GDPR as well as Hungarian data protection law. The guidance applies to public and private organisations, their employees and contractors, as well as other third parties (e.g. clients, visitors). The NAIH emphasises that any kind of data processing under the current circumstances has to adhere to the principles of the GDPR, especially that of accountability.
…
Continue Reading Hungarian Supervisory Authority Issues Guidance on Data Protection and Coronavirus
On March 12, 2020, the Spanish Supervisor Authority (“AEDP”) issued a statement and a report on data protection and COVID-19. The AEPD highlights that controllers processing personal data in the context of their effort to prevent COVID-19 must comply with the GDPR, the Spanish Data Protection Law and the Spanish sectorial health laws. However, the AEPD underlines that these laws do not stand in the way of addressing the challenges posed by the COVID-19 epidemic.
…
Continue Reading Spanish Supervisory Authority Issues Statement on Data Protection and Coronavirus
On March 6, 2020, the Irish Supervisory Authority (“DPC”) issued guidance on how companies should process personal data when taking steps to contain the spread and mitigate the effects of COVID-19.
The DPC made clear that data protection law does not stand in the way of the provision of healthcare and the management of public…
On March 10, 2020, the Norwegian Supervisory Authority (“Datatilsynet”) issued guidance on the processing of personal data in the context of the corona virus (“COVID-19”) crisis (see here, in Norwegian).
Datatilsynet stressed that the GDPR allows the processing of special categories of data (e.g., health data) if the processing is necessary for…
On March 6, 2020, the French Supervisory Authority (“CNIL”) released a statement on processing personal data in light of COVID-19.
The CNIL notes that while everyone should take measures to prevent the spread of the virus, such efforts must comply with applicable data protection rules, in particular when collecting and processing sensitive health data. As…
