Archives: Privacy & Data Protection

Subscribe to Privacy & Data Protection RSS Feed

Dutch court holds that a grandmother is in breach of the GDPR for failing to remove photos of her grandchildren from social media platforms

A Dutch court has held that a grandmother was in breach of the General Data Protection Regulation (GDPR) for posting pictures of her grandchildren on social media platforms without their parents’ consent and refusing to delete them after multiple requests. The GDPR does not apply to the processing of personal data by an individual “in … Continue Reading

ICO issues guidance on workplace coronavirus testing

It has been 64 days since the UK officially went into lockdown due to the COVID-19 crisis, with many ‘non-essential’ workers vacating their workplace. In preparation for sending the UK back to work, the Information Commissioner’s Office (ICO) has issued FAQ-style guidance to assist employers wishing to track and test employees’ symptoms (available here). Health … Continue Reading

Key considerations for businesses in the Asia-Pacific region managing data privacy risks

Company investigations (whether self-initiated or required by regulators) generally require the collection, review, and analysis of data to identify documents and other materials that are relevant to the investigation. An investigation may result in the need to access sensitive personal data or, frequently, involve the review of other materials that happen to include personal data … Continue Reading

The Commission’s eHealth Network looks to develop the interoperability framework for contact tracing apps

On 13th May, the European Commission’s eHealth Network published its interoperability guidelines for approved contact tracing mobile applications in the EU, guiding developers when designing and implementing applications and backend solutions to ensure efficient tracing of cross-border infection chains. These guidelines serve as a follow-up action to their previously published ‘Common EU Toolbox for Member … Continue Reading

No, we haven’t forgotten about Brexit: UKTF publishes a draft agreement for the future EU-UK partnership

On 18 March, the Task Force for Relations with the United Kingdom (UKTF) of the European Commission published its Draft Text of the Agreement on the New Partnership with the United Kingdom (Draft Agreement). It translates the negotiating directives, approved by Member States, into a legal text, in line with the Political Declaration agreed between … Continue Reading

Singapore proposes significant changes to its data protection law

The Personal Data Protection (Amendment) Bill 2020 (the Bill) was published today for public consultation. Key amendments proposed in the Bill include: Increased financial penalties for breaches of the Personal Data Protection Act (the Act) of up to 10 per cent of annual gross turnover in Singapore or S$1 million, whichever is higher. Mandatory data … Continue Reading

Digital contact tracing and coronavirus: The Council of Europe’s take

The chair of the Council of Europe’s data protection ‘Convention 108’ committee, Alessandra Pierucci, and the Council of Europe Data Protection Commissioner, Jean-Philippe Walter, have recently released a joint statement on digital contact tracing in the fight against coronavirus. Digital contact tracing is being used in many countries to help control the spread of coronavirus … Continue Reading

EDPB’s new guidelines relieve concerns over processing health data for scientific research

The novel coronavirus pandemic has created an immediate and immense need for scientific research. Amid this urgency, the European Data Protection Board (EDPB), during its twenty-third plenary session held on April 21, adopted guidelines to shed light on legal questions concerning the use of health data (pursuant to article 4(15) of the General Data Protection … Continue Reading

Never forget a face: Potential impact of facial recognition and biometrics on the real estate world in response to COVID-19

The use of facial recognition and other biometric technologies by businesses, retailers, and landlords continues to grow and has found a new application in response to the COVID-19 pandemic. Proper implementation and management of these technologies can help increase security and limit physical contact. Real estate management firms and various businesses may be able to … Continue Reading

The immediate actions that a general counsel and their in-house legal team should take as a priority during a crisis

All businesses are concerned with whether their revenue and custom will continue during a crisis. When their services (more importantly those involving technology) depend on the use of third party suppliers, businesses should also think about their own ability to deliver. Questions that business managers will be agonising over during a crisis include: Will our … Continue Reading

Remember to consent in the time of COVID-19

In a world where we have been ordered to stay home and shelter in place to combat the spread of COVID-10 our children are now learning remotely. While it is fortunate that technology allows students to continue the school year at home, remote learning presents an obstacle where children’s privacy is concerned. In the United … Continue Reading

Amendments to D.C.’s data breach law create new data security and breach notification obligations for businesses

On March 26, 2020, amendments to Washington, D.C.’s data breach notification law were enacted in bill number B23-0215.  Put briefly, the amendments impose various prevention, response, and mitigation obligations on businesses regarding data breaches that affect D.C. residents.  Below is a summary of the key changes of which businesses should be aware.… Continue Reading

California relaxes key telehealth regulatory requirements during COVID-19 emergency

On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal … Continue Reading

U.S. cybersecurity – points to remember when business is not as usual

As the U.S. economy and educational system adapt to work and life at home, it is important to remember that cybersecurity (and related privacy) risks remain and are evolving. Remembering to think through measures that are in place to protect personal information, proprietary information, confidential information, and information needed for ongoing operations can help businesses … Continue Reading

A whistle-stop tour of the potential data protection implications of the new Coronavirus Act

In a matter of three days, Parliament passed a bill granting emergency powers to the government to deal with the COVID-19 outbreak. The Queen granted Royal Assent on 25 March 2020, bringing into force the Coronavirus Act 2020 (the Act) (the Act). The Act, amongst other things, gives the government wide-ranging powers to restrict events … Continue Reading

FCC issues guidance on the TCPA’s “emergency purposes exception” based on the COVID-19 pandemic

The Telephone Consumer Protection Act (the TCPA) restricts telemarketing and the use of automated telephone equipment for phone calls, faxes, and text messages. The TCPA provides a private right of action and significant statutory penalties, and therefore is an area of significant risk for any company that communicates with its customers, particularly by phone or … Continue Reading

U.S. data privacy considerations in the time of COVID-19

As businesses and individuals across the globe struggle to adapt to a new normal of remote work and social distancing due to the COVID-19 (a/k/a novel coronavirus) pandemic, they should also be aware of a number of U.S. data privacy and data security implications arising from these changes. In addition, businesses must be cognizant of … Continue Reading

FAQs for businesses and employers in the UK during the COVID-19 outbreak

Since March 11, when the World Health Organization (WHO) officially categorised the coronavirus disease (COVID-19) as a pandemic, it has become clear that the world is immensely struggling with the outbreak. It has even led to a massive slowdown in economic activity, causing volatility and turbulence in the financial markets. Therefore, apart from being a … Continue Reading

Final blow to the UPC project? German law ratifying UPCA is void

European countries have pursued the project of creating a Unitary Patent and a Unified Patent Court (UPC), since the early seventies. Success seemed within reach in 2013 when the international Agreement on a Unified Patent Court (UPCA) was concluded and subsequently ratified by several states. However, in 2017 the project came to a grinding halt … Continue Reading

Germany Coronavirus FAQs for businesses and employers

The current outbreak of coronavirus disease (COVID-19) is causing the world to struggle. It is clear that coronavirus is a threat to all human beings. It has also become clear that coronavirus is a threat to the health of the world economy and businesses. On March 11, 2020 the World Health Organization (WHO) characterized the … Continue Reading

U.S. Department of Health and Human Services issues final rules expected to transform how certain stakeholders share patient information

The U.S. Department of Health and Human Services (HHS) released companion interoperability and information blocking final rules that will significantly impact the way in which certain health care providers, health information technology (IT) developers, and health plans share patient information. For a discussion on major provisions of these rules, please read our post on our … Continue Reading

Singapore data protection law FAQ for employers

Since coming into effect in 2014, Singapore’s personal data protection law has been active enforcing the law since its passing. The law applies to all organizations operating in Singapore, regardless of their size and the nature of their business. Companies that employ personnel in Singapore must take note of how Singapore data protection law applies … Continue Reading

Vermont Attorney General brings first data broker enforcement action

On March 10, 2020, Vermont Attorney General T.J. Donovan initiated an enforcement action based on Vermont’s new data broker law against Clearview AI, Inc. Vermont’s data broker law, which became effective January 1, 2019, governs data brokers, which it defines as companies that collect and sell or license to third parties the personal information of … Continue Reading
LexBlog