Privacy Leaders’ Views – The Impact of COVID-19 on Privacy Priorities, Practices and Programs

In this white paper series, the IAPP and EY sought privacy leaders’ views on the top privacy challenges stemming from COVID-19, the privacy implications of potentially permanent changes in our way of working, the impact of the pandemic on privacy programs and budgets, how to increase consumer and employee trust amid an increase in data processing, necessary legislative changes, and regulators' enforcement priorities.

Each piece in the series captures privacy leaders’ thoughts, experiences, challenges and recommendations on companies’ immediate COVID-19 response; the new reality and strategic priorities; surveillance and data sharing for the public good; and the actions needed by companies, legislators and regulators to build trust moving forward.

Series overview

Immediate Industry Response
This article examines how companies accelerated digital transformation and privacy reviews in response to remote work, health data collection, and government tracing needs during the early stages of COVID‑19. It details privacy leaders’ top priorities, including employee health data management and securing virtual work environments.
View white paper

The New Reality and Strategic Priorities
This article explores how the pandemic permanently reshaped organizational operations, with privacy leaders anticipating more virtual work, continued focus on privacy as a strategic priority, and shifting budgets toward automation and distributed privacy teams. It highlights both the benefits and challenges of increasingly remote, digitized workflows for privacy functions.
View white paper

Surveillance and Data Sharing for the Public Good
This article discusses privacy leaders’ perspectives on pandemic‑era surveillance and the balance required between enabling public health data sharing and protecting individual privacy. It examines how expanding data collection for public benefit raises complex questions about trust, transparency, and long‑term implications for privacy frameworks.
View white paper

Building Trust through Industry Action, Legislation and Enforcement
This article analyzes how companies, legislators, and regulators can strengthen trust in data protection during and after the pandemic, emphasizing transparency, communication, data ethics, and user‑centric design. It also highlights findings on consumer trust levels across sectors and the need for stronger enforcement and clearer privacy protections.
View white paper

Further Info

Privacy leaders across disciplines and around the world agree principles-based data protection laws and mature privacy programs have proven resilient in the face of innumerable data protection challenges brought on by COVID-19. They agree that as data processing to track and trace ramps up and our lives and identities are digitized, privacy is transcendent.

But, their views on the top privacy priorities and challenges stemming from COVID-19 diverged. Their perspectives reflect their vantage points and the role each plays in shaping and responding to the new reality brought on by the pandemic.

Practitioners implementing privacy on the ground across business sectors focused on the most immediate challenges, highlighting employee privacy protections and virtualization challenges as the top priorities as they prepared for work-from-home and return-to-work transitions. They expressed gratitude that privacy remains a strategic business priority and that their teams have not been disproportionately impacted by budget cuts.

Policymakers, regulators and academics focused on bigger-picture societal concerns and cited the increase and normalization of surveillance — by governments and commercial actors — as their top priority. Still, they acknowledged the myriad practical challenges organizations face as a result of the pandemic and discussed the flexibility and guidance they have provided to assist in their data protection efforts.

The narratives of both groups intersected when discussing one type of “surveillance,” specifically, “data sharing for the public good” and the role companies have played in sharing commercial data or developing applications to help governments fight the pandemic. These shared responsibilities then teed up questions and ideas about how privacy leaders in government and industry should respond and legislative and enforcement priorities should shift to enhance individual trust in how personal data is processed in times of crisis and in the new more virtual reality.

Special thanks to the following contributors to this series:

• Vivienne Artz
• Amit Ashkenazi
• Andy Bloom
• Jared Bomberg
• Rohit Chopra
• Lorrie Cranor
• Elizabeth Denham
• Patrice Ettinger
• Eric Goldman
• Tony Lam
• Peter Lefkowitz
• Caroline Louveaux
• Kirk Nahra
• Timothy Noonan
• Noah Phillips
• JoAnn Stonier
• Scott Taylor
• Eduardo Ustaran
• Sophie i’nt Veld
• Ruby Zefo