As COVID-19 vaccination becomes required in more personal and professional contexts, several different frameworks have emerged that propose both guiding principles and technical requirements for vaccine verification systems, including those developed by the World Health Organization (WHO) and the Good Health Pass Collaborative (GHPC).
Continue Reading COVID-19 Vaccine Verification Frameworks: Emerging Standards Seek to Balance Privacy Concerns With Public Health Benefits

On February 4, 2021, the House Energy and Commerce’s Subcommittee on Consumer Protection and Commerce held a hearing entitled, “Safeguarding American Consumers: Fighting Scams and Fraud During the Pandemic.”  The hearing focused on the FTC’s ability to obtain equitable monetary relief under Section 13(b) of the FTC Act – an issue that is currently being considered by the Supreme Court in AMG Capital Management LLC v. Federal Trade Commission.

To gain a better understanding of the deceptive marketing campaigns seeking to exploit the ongoing public health crisis and the challenges the FTC faces in fighting fraud, the Subcommittee invited Bonnie Patten, Executive Director of TruthInAdvertising.org; Jessica Rich, former Bureau of Consumer Protection Director and Distinguished Fellow of the Institute for Technology Law & Policy at Georgetown Law School; William E. Kovacic, former FTC Chairman and Global Competition Professor of Law at George Washington University Law School; and Traci Ponto, Spokane COPS Crime Victim Advocate at Spokane Community Oriented Policy Services.
Continue Reading Hearing on Consumer Protection During the Pandemic Focuses on FTC’s Equitable Monetary Authority

In a new post on the Covington Inside Tech Media Blog, our colleagues discuss how the pandemic is driving connected and automated vehicle (CAV) initiatives at the federal and state levels.  At the federal level, NHTSA and Congress have recently expressed support for utilizing CAV technology to address pandemic-related challenges.  In California, a privacy bill

On May 11, 2020, the UK Information Commissioner’s Office (“ICO”) published guidance on how employers should handle data in the event they choose to test their employees for COVID-19.

The guidance provides a clear reminder that employers must comply with both the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”), and that health data, in particular, attracts additional protections.
Continue Reading ICO Issues COVID-19 Guidance for Employers

On May 6, 2020, the Italian Supervisory Authority (“Garante”) published a list of frequently asked questions (“FAQs”) and answers on data protection and COVID-19 (see here, in English).

The FAQs build on and expand guidance previously issued by the Garante (see our blog post here), and take into account recent measures adopted by Italian authorities, such as the Protocol on Fighting COVID-19 in the Workplace that the Italian government signed with several trade unions on March 14, 2020 (see our blog post here), which was slightly amended on April 24, 2020 (see here).

Among other topics, the FAQs cover: (1) data processing by private employers in the context of the COVID-19 health emergency; and (2) data processing in clinical trials and medical research in the context of the COVID-19 health emergency.
Continue Reading Italian Supervisory Authority Publishes FAQs on Data Protection and COVID-19

Senate Commerce Committee Chairman Roger Wicker is working on draft legislation that would regulate the collection and use of health and location information in connection with efforts to track and limit the spread of COVID-19.   Some key highlights of the tentatively titled “COVID-19 Consumer Data Protection Act” include:
Continue Reading Republicans Poised To Introduce COVID-19 Privacy Bill

On April 7, 2020, the European Data Protection Board (“EDPB”) announced that it assigned specific mandates to two expert subgroups to prepare guidance on a number of Covid-19 related topics. The list of topics chosen by the EDPB reflects those that have received the closest scrutiny by the national authorities.
Continue Reading EDPB will issue data protection guidance on several topics relating to COVID-19

On April 2, 2020, the U.S. Department of Health and Human Services (“HHS”) issued a Notification of Enforcement Discretion (the “Notification”) regarding the disclosure of protected health information (“PHI”) to public health authorities and use of PHI to perform analytics for such authorities.  Designed to “facilitate uses and disclosures for public health and health oversight activities during this nationwide public health emergency,” the Notification relaxes HHS’s enforcement of certain provisions of the Privacy Rule issued  under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  More specifically, the Notification announces that, under certain circumstances, HHS will not impose penalties for violations of such provisions against covered health care providers and their business associates for the use and disclosure of PHI “by business associates for public health and health oversight activities” in connection with the COVID-19 nationwide public health emergency.
Continue Reading HHS Seeks to Facilitate Certain Uses and Disclosures of Health Data to Public Health and Health Oversight Agencies Amidst COVID-19 Nationwide Public Health Emergency

Pan-European Privacy Preserving Proximity Tracing Initiative

According to media sources, an EU consortium led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI) will soon release software code that can be used to create apps that will help track transmission chains of COVID-19.  The Pan-European Privacy Preserving Proximity Tracing (“PEPP-PT”) project comprises more than 130 members across eight European countries, including scientists, technologists, and experts.

The PEPP-PT project has published a manifesto explaining its intention to create “well-tested proximity tracking technologies” that national authorities can use to create their own COVID-19 apps.  According to the manifesto, these technologies ensure “secure data anonymization” and “cross border interoperability”.  The apps concerned would inform users, based on the phone’s Bluetooth signals, whether they have been in the proximity of a person who was tested positive for COVID-19.

National public authorities developing apps on the basis of this software remain free to decide how to inform persons that have been in contact with someone who has tested positive.  The PEPP-PT website states that national cyber security agencies and national data protection agencies will assess the apps that are created using the code released by the PEPP-PT.  EU Commissioner Thierry Breton indicated that the European Commission is also investigating whether an app using the PEPP-PT software would be compliant with “EU values”, reflecting the privacy concerns associated with such apps.
Continue Reading COVID-19 Apps and Websites – The “Pan-European Privacy Preserving Proximity Tracing Initiative” and Guidance by Supervisory Authorities