FCC issues guidance on the TCPA’s “emergency purposes exception” based on the COVID-19 pandemic

The Telephone Consumer Protection Act (the TCPA) restricts telemarketing and the use of automated telephone equipment for phone calls, faxes, and text messages. The TCPA provides a private right of action and significant statutory penalties, and therefore is an area of significant risk for any company that communicates with its customers, particularly by phone or text. In an effort to ease restrictions in light of the COVID-19 outbreak, the Federal Communications Commission (FCC) has issued guidance clarifying that informational calls that are directly related to the imminent health or safety risk arising out of the COVID-19 outbreak and made by certain types of callers are exempt from the TCPA requirements under the “emergency purposes exception.”

Under the TCPA, telemarketers are required to obtain prior express written consent before making calls to landline or wireless phones with prerecorded telemarketing messages and before using an automatic telephone dialing system (ATDS) to call or text any wireless phones with telemarketing messages.

Notably, the TCPA expressly excludes calls made for “emergency purposes,” from the Act, including “calls made necessary in any situation affecting the health and safety of consumers.” This exception is intended for situations posing “significant risks to public health and safety” where the use of such calls could “speed the dissemination of information regarding” such risks or conditions.

Continue Reading

U.S. data privacy considerations in the time of COVID-19

As businesses and individuals across the globe struggle to adapt to a new normal of remote work and social distancing due to the COVID-19 (a/k/a novel coronavirus) pandemic, they should also be aware of a number of U.S. data privacy and data security implications arising from these changes. In addition, businesses must be cognizant of data privacy limitations when collecting and considering sharing information about an individual’s COVID-19 symptoms or illness with third parties, including government agencies.

Our recent client alert will help answer these privacy questions businesses may have.

FAQs for businesses and employers in the UK during the COVID-19 outbreak

Since March 11, when the World Health Organization (WHO) officially categorised the coronavirus disease (COVID-19) as a pandemic, it has become clear that the world is immensely struggling with the outbreak. It has even led to a massive slowdown in economic activity, causing volatility and turbulence in the financial markets. Therefore, apart from being a threat to our health, COVID-19 has proven that it is and will continue to be a threat to the world economy and businesses.

Governments throughout the world have put in place measures to promote social distancing and restrict the transmission of the disease. The UK is also starting to see a tightening of approach, with Prime Minister Boris Johnson saying that everyone should avoid going to pubs, clubs and theatres and, if possible, work from home, as a part of a range of new stringent measures.

Businesses are also working on creating a safe and healthy work environment for their employees, customers and business partners. In this time of coronavirus, this includes certain health related measures. With growing data protection concerns among businesses, this alert looks at the data protection issues at an EU and UK level and seeks to provide answers to a number of legal questions we have been asked in the past few days as well as give guidance on whether or not certain measures comply with applicable laws in the UK. Despite many EU countries issuing guidance, the spokesperson for the EU Data Protection Board issued a helpful statement on the virus which provides an overview of the EU approach.

Final blow to the UPC project? German law ratifying UPCA is void

European countries have pursued the project of creating a Unitary Patent and a Unified Patent Court (UPC), since the early seventies. Success seemed within reach in 2013 when the international Agreement on a Unified Patent Court (UPCA) was concluded and subsequently ratified by several states. However, in 2017 the project came to a grinding halt in the biggest contracting state, Germany, when a single patent practitioner filed a complaint against the national law ratifying the UPCA. With a 5:3 majority decision the German Constitutional Court confirmed that the law is void.  Read more about this decision here.

Germany Coronavirus FAQs for businesses and employers

The current outbreak of coronavirus disease (COVID-19) is causing the world to struggle. It is clear that coronavirus is a threat to all human beings. It has also become clear that coronavirus is a threat to the health of the world economy and businesses.

On March 11, 2020 the World Health Organization (WHO) characterized the virus outbreak as a pandemic. The stock markets duly crashed. Governments began to prohibit certain events and close down schools. However, it is not exactly clear how big the threat is. Is COVID-19 already a “serious cross-border threa[t] to health” (article 9.2(i) GDPR)? Are German businesses permitted to ask customers, visitors and employees if they suffer from a cough or other symptoms? Are German employers permitted to send employees who have a runny nose home? Who bears the costs if commercial agreements cannot be performed or if events are canceled?

Businesses are looking to create a safe and healthy work environment for their employees, customers and business partners. During the course of the coronavirus pandemic, this will include adopting certain health-related measures. Our recent alert will answer legal questions we have been asked in the past few days and give guidance on whether or not certain measures comply with applicable laws in Germany; many of the answers will also apply in other EU countries.

U.S. Department of Health and Human Services issues final rules expected to transform how certain stakeholders share patient information

The U.S. Department of Health and Human Services (HHS) released companion interoperability and information blocking final rules that will significantly impact the way in which certain health care providers, health information technology (IT) developers, and health plans share patient information. For a discussion on major provisions of these rules, please read our post on our Health Industry Washington Watch blog.

Singapore data protection law FAQ for employers

Since coming into effect in 2014, Singapore’s personal data protection law has been active enforcing the law since its passing. The law applies to all organizations operating in Singapore, regardless of their size and the nature of their business. Companies that employ personnel in Singapore must take note of how Singapore data protection law applies to them.

To read more about Singapore’s data protection law in the employment context, click here.

Vermont Attorney General brings first data broker enforcement action

On March 10, 2020, Vermont Attorney General T.J. Donovan initiated an enforcement action based on Vermont’s new data broker law against Clearview AI, Inc.

Vermont’s data broker law, which became effective January 1, 2019, governs data brokers, which it defines as companies that collect and sell or license to third parties the personal information of a consumer with whom the business does not have a direct relationship. The law requires that data brokers (a) annually register with the Vermont Secretary of State, including completing certain necessary disclosures, and (b) maintain minimum data security standards. The law also prohibits any businesses or individuals – not just data brokers – from acquiring brokered personal information through fraudulent means or for the purpose of stalking, harassment, discrimination, or fraud.

According to the complaint, Clearview, which only registered as a Vermont data broker in January 2020 shortly before the publication of a New York Times article discussing many of the issues outlined in the complaint, uses “screen scraping” to amass a database of three billion photographs. Clearview then combines those photographs with facial recognition technology to create a commercial service that allows a customer to upload a photograph and “instantly identify the individual through facial recognition matching.” While Clearview claims the technology exists to help law enforcement, the complaint alleges that Clearview has also provided its app to for-profit entities, investors, and foreign governments.

Continue Reading

Still working on it – draft CCPA regulations are modified a second time

Last week, on March 11, the California Department of Justice, Office of the Attorney General (AG) released its second set of revisions to its draft regulations under the California Consumer Privacy Act (CCPA). This second set of proposed revisions is based in part on comments received in response to an initial set of proposed revisions released by the AG last month (see February 10 Reed Smith client alert here). Written comments to this second set of proposed revisions must be submitted by March 27, 2020.

This set of proposed revisions was not extensive. Highlights appear below. Continue Reading

COVID-19 outbreak: Data privacy issue requirements on employee personal data differ in China, Hong Kong, and Singapore

On January 30, 2020, The World Health Organization (WHO) declared that the outbreak of novel coronavirus (COVID-19) is a “public health emergency of international concern.” This was, in part, an acknowledgement of the geographic spread of the virus and the need for intensified support for preparation and response, especially in vulnerable countries and regions. Further information is available in the WHO statement. On January 31, 2020, the Centers for Disease Control and Prevention (CDC) in the United States also declared a public health emergency for the United States. Further information from the CDC can be found here. COVID-19 is now affecting an increasing number of countries in Asia, including Korea, and Japan.

This alert focuses on issues relating to data privacy in an employment context. We outline common issues that businesses operating in the People’s Republic of China (PRC or China), Hong Kong, and Singapore are likely to face arising from the outbreak of COVID-19. The issues that we have identified are not meant to be exhaustive. As this is a developing situation, governments are revising their responses to mitigate the emerging risk to public health.