The avalanche of COVID-19 applications developed to manage the pandemic has caused debates over the balance of public interest and the basic human right to privacy. COVID-19 apps, such as digital contact-tracing apps and statistical data analysis tools that help identify patterns that could lead to cures or prevention measures, have understandably led to the mixed emotion of excitement and concern. There is an excitement that experts could process the data to identify ways to curb the virus and ... Read More

The U.S. Senate Committee on Commerce, Science and Transportation held a hearing last December on what Congress should consider when crafting a federal privacy law. Nearly a year later, another hearing was held to revisit the topic, but in a world wholly unrecognizable from when the committee adjourned last year. It's an understatement to say the COVID-19 pandemic dramatically altered life as we knew before. Countless people are working from home, students have shifted to remote learning, and t... Read More

Times of emergency have a clarifying effect, and the current COVID-19 pandemic is no exception. Emergencies often reveal what’s important versus what we once might have thought was important. Until this point, the steady drumbeat of privacy was for more restrictions and individual rights. This seemed natural. Many countries view privacy as a fundamental right afforded to their citizens. Yet what this crisis has revealed is that as a society, en masse, we are often willing to trade some of our pr... Read More

Researchers at The Alan Turing Institute found the U.K. National Health Service COVID-19 contact-tracing application for England and Wales is assisting in reducing the impact of the virus, preventing between 224,000 and 914,000 new cases from October to December 2020, BankInfoSecurity reports. The U.S. Department of Homeland Security selected California-based startup AppCensus to “develop an on-demand, automated mobile-app testing system” that will gauge the privacy and security risks of COVI... Read More

Denmark’s data protection authority, Datatilsynet, announced a probe into the handline of COVID-19 test results by Medicals Nordic. Datatilsynet will examine data protection practices used for the exchange of tests between staff members over WhatsApp chat. The Irish Examiner reports telecommunications company Three is supplying location data on its 2.4 million customers to help the Irish government track COVID-19-related restrictions. Ireland’s Department of Health is using the data to monito... Read More

An Austin, Texas-based company’s artificial intelligence camera can detect those who may have a COVID-19-related fever, Fast Company reports. Athena Security’s camera system uses an AI model to view a subject’s inner eye, which can reflect body temperature. The thermal camera records an image of those with a fever. Athena CEO Lisa Falzone said the technology will be seen more in places like airports and hospitals where access depends on an individual’s temperature.Full Story... Read More

U.S. Customs and Border Protection will begin using biometric facial-comparison technology to monitor pedestrians traveling through the Brownsville, Texas, border crossing, Government Technology reports. The technology will photograph each pedestrian traveler entering the U.S. and compare that image to passport and ID photos stored in government records. Privacy advocates argue the program violates travelers’ privacy rights, adding CBP is not following an opt-out policy for U.S. citizens.Full St... Read More

The COVID-19 pandemic has brought many things in life to a screeching halt. For many organizations, the outbreak has meant shuttering, limiting or digitalizing most, if not all, operations. Those types of transitions and subsequent hardships have led some in the privacy space to question whether it's right for California Attorney General Xavier Becerra to go forward with California Consumer Privacy Act enforcement July 1. A coalition of 35 advertising groups sent the attorney general a letter M... Read More

MediaPost reports the Association of National Advertisers, Interactive Advertising Bureau, American Association of Advertising Agencies and 32 other groups want the California attorney general to delay enforcement of the California Consumer Privacy Act due to the current COVID-19 outbreak. “Now is not the time to threaten business leaders with premature CCPA enforcement lawsuits,” the groups write. Meanwhile, DLA Piper has published its take on the third version of the California Consumer Privac... Read More

At the beginning of each school year, there are many papers to be signed. I agree I have (1) read the student handbook, (2) health forms, (3) appropriate use of technology at school, (4) photos of my children for promotional purposes, and so on. Then, this year out of the blue, a new consent shows up — a consent to record classes for operational purposes — and if I don’t sign it, it will significantly impact my child’s education. Wait … what?  This doesn’t sound right. What exactly are opera... Read More

Experts discuss how we can protect children's privacy during the COVID-19 epidemic and as they head back to school. Read More

The U.S. Occupational Safety and Health Administration revised guidelines May 19 that require employers to determine whether employees who have contracted COVID-19 did so in the workplace.  According to OSHA's recordkeeping requirements, employers are required to conduct investigations about the cause of an employee's infection with certain parameters. In the revised guidelines, which went into effect May 26, "employers should be taking action to determine whether employee COVID-19 illnesses ar... Read More

Global accounting firm PricewaterhouseCoopers created a facial recognition tool to help financial institutions track employees as they work from home, Personnel Today reports. The software taps into employees' webcams to capture face images and detects when employees are not in front of their screens during work hours. PwC said the technology aims to help traders abide by regulations "in the least intrusive, pragmatic way." Meanwhile, Amazon plans to deploy artificial intelligence tracking syste... Read More

Diagnostic and antibody testing for COVID-19 is increasing significantly as governments and health authorities look for data to inform decisions about how to safely end lockdowns and restart economies. While public health and safety concerns are paramount, there are numerous privacy questions worth asking when testing and health monitoring for COVID-19. IAPP Legal Research Fellow Cathy Cosgrove explores some of those issues and questions in this piece for The Privacy Advisor.Full Story Infograp... Read More

Over the last few months, we have seen organizations impose various obligations on their employees, visitors and customers to combat the spread of COVID-19. The underlying measures first began with completed health questionnaires, moved to requiring temperature checks of people entering buildings, along with the installation of thermal cameras at office entrances, and now there are regular blood tests for employees whose presence is essential for business continuity. How did the Hungarian gover... Read More

Euractiv reports the Hungarian government intends to suspend certain rights and protections provided by the EU General Data Protection Regulation until the COVID-19 outbreak subsides. Under the new measures, citizens will see a pause on their right to data access and erasure, while any legal actions pertaining to alleged GDPR violations will also be delayed. Opposition politician Bernadett Szél plans to challenge the suspension of rights in the Constitutional Court of Hungary, claiming that "res... Read More

A first-of-its-kind judicial decision sets out the rules for lawful tracking in an epidemic outbreak situation. The Israeli Supreme Court strikes a balance between COVID-19-related contact tracing technology and the right to privacy in a landmark decision about the government’s limits of power and the rights to privacy and dignity. The Israeli government enforces the isolation of confirmed patients and people who came in close contact with them in an effort to contain the spread of the COVID-19... Read More

There are several reasons public health authorities may seek to collect COVID-19 data from private companies, including hospitals and health care providers. One of the top reasons is to track the spread of the virus and monitor the emergence of new clusters of infections so resources can be directed to areas most in need. Another reason is to send information to people who may have come into contact with someone who was diagnosed with or is suspected to have COVID-19. Given this reality, let's ... Read More

Now, perhaps more than ever before, it is critical to understand how governments around the world protect the personal information they exchange with each other. In their just-released third edition of "The Guide to U.S. Government Practice on Global Sharing of Personal Information," Onfido Director of Privacy Neal Cohen, CIPP/E, CIPP/US, and Northrop Grumman Corporation John Kropf, CIPP/E, CIPP/G, CIPP/US, help us do just that. Cohen and Kropf’s guide walks readers through existing accords tha... Read More

Electronic vaccination credentials through smartphone applications could soon be used to control the COVID-19 pandemic and enable college campuses, venues and more to reopen, The New York Times reports. The technology raises concerns for civil liberties experts who say it could create an invasive surveillance system and comes with privacy risks. App developers said they have taken privacy risks into consideration and mitigated them in design. Meanwhile, U.S. Sen. Amy Klobuchar, D-Minn., is seeki... Read More

Business and health care data are the new “honeypot,” an attractive and lucrative source of revenue to the modern hacker. A report from IBM in July 2020 reported that the average cost of a health care breach was $7.13 million per breach, noting “compromised employee accounts were the most expensive root cause, and that 80% of these incidents resulted in the exposure of customers' personally identifiable information.”  The COVID-19 pandemic has exposed how unprepared many health care providers w... Read More

The Wall Street Journal reports on potential efforts to amend or replace the Health Insurance Portability and Accountability Act in the wake of COVID-19-related health privacy dilemmas. Health policy professionals expect questions around HIPAA's scope and coverage to be more frequent, which will lead to a legislative remedy from U.S. Congress. HIPAA "worked fairly well" when it was written, said Gonzaga University Assistant Professor of Law Mason Marks. "But today, in the Information Age, we nee... Read More

A data breach that may have compromised the identity of people diagnosed with COVID-19 in South Dakota is under investigation by the U.S. Federal Bureau of Investigation, the Star Tribune reports. In a letter to those who may have been affected, South Dakota Fusion Center Director Paul Niedringhaus said the center built an online portal using Netsential.com, which added labels to files that may have allowed a third party to identify patients. People’s names, addresses and virus status may have b... Read More

Bloomberg reports on the privacy implications of linking biometric information to a COVID-19 vaccination. In order to track who has received the vaccine, a program could be set up to link a biometric identifier to their health record, which can be used to prove they have been inoculated. European Digital Rights Policy and Campaigns Adviser Ella Jakubowska said if such initiatives were to be rushed out, privacy measures could be left by the wayside and the information could be used for mass surve... Read More

The U.S. Department of Health and Human Services is relaxing the Health Insurance Portability and Accountability Act privacy and security requirements for COVID-19 community-based testing sites to make it easier to collect patient data, Nextgov reports. The HHS Office for Civil Rights said in a notice other health care providers still have to fully comply with HIPAA. Meanwhile, the Hamburg Commissioner for Data Protection and Freedom of Information published guidance on data processing during th... Read More

The U.S. government just eased the path for doctors and nurses to do video chats with patients by lifting privacy and security compliance penalties and enforcement action against health care providers. The Office for Civil Rights at the U.S Department of Health and Human Services Tuesday said it will allow health care providers to use technology, such as Apple FaceTime, Facebook Messenger video chat or other video platforms, to communicate with patients. But, while federal response to the COVID... Read More

The U.S. Department of Health and Human Services has issued a limited waiver protecting health care providers from Health Insurance Portability and Accountability Act penalties during the COVID-19 outbreak. The waiver absolves providers of certain HIPAA responsibilities, including being required to honor facility directory opt-outs and issue privacy notices. Patient rights to request confidential communications and privacy restrictions have also been temporarily revoked under the waiver.Full Sto... Read More

Managing the COVID-19 outbreak and stopping its spread is now a global challenge. In addition to the significant health and medical responses underway around the world, governments and public health officials are focused on how to monitor, understand and prevent the spread of the virus. Data protection and privacy laws, including the EU General Data Protection Regulation and various U.S. laws, are informing these responses. One major response to limiting the spread of infection is contact traci... Read More

U.S. Senate lawmakers proposed a bipartisan bill to regulate contact tracing apps, The Washington Post reports. The Exposure Notification Privacy Act would ensure those who do not want to use the apps are not tracked and prohibit any data that is collected by the apps to be used for commercial purposes. “The important thing we wanted to get done, as people started to look at this, is make sure the privacy protections are in place,” said Sen. Maria Cantwell, D-Wash.Full Story... Read More

While the COVID-19 outbreak has brought about numerous changes to our daily lives, it has not brought U.S. Congress any closer to bridging the partisan divide over the shape and scope of federal privacy legislation. Although both Democrats and Republicans in Congress have introduced privacy legislation related to the ongoing COVID-19 pandemic in recent weeks, lawmakers from either side of the aisle remain at odds over at least two key provisions: a private right of action and preemption of state... Read More

As states ramp up manual COVID-19 contact tracing across the United States, a rapidly growing corps of citizen data collectors are discovering why data privacy rules matter. More than 100,000 contact tracers could be needed in the U.S. alone, according to guidance from the Centers for Disease Control and Prevention and a national contact-tracing plan developed by John Hopkins University and the Association of State and Territorial Health Officials. These tens of thousands of new data collectors ... Read More

COVID-19-tracking apps help identify parties with whom a COVID-19-infected person had contact. The apps do so by drawing on information about the location of a person’s mobile phone and its proximity to other devices. Experts, including the Bloomberg School of Public Health at John Hopkins University, view this technology as a necessary boost to manual contact tracing by public health officials. Countries are currently split into those where the government requires the use of these apps and tho... Read More

Over the past few months, millions received the option to receive "Exposure Notifications " through Apple or Google. The technology took off: millions of individuals downloaded applications or opted-in to exposure notifications. The Bluetooth Low Energy technology that powers the system, the privacy-by-design of the system and the increase in privacy-centric marketing demonstrate how the COVID-19 pandemic has increased awareness of potential privacy harms while providing a roadmap for the rollou... Read More

The Windsor Police Service’s access to the provincial COVID-19 database is raising privacy concerns, CBC News reports. Police searched the database 1,841 times from April 17 to July 20 to communicate COVID-19 status information to first responders. The Canadian Civil Liberties Association released a list of Ontario agencies that used the database, which includes names, addresses and birthdates of those who tested positive for the virus, calling it “alarming.” Windsor Police ranked 10th on that l... Read More

It is only May, but 2020 is already shaping up to be a crucial year for data protection. At least in Europe where the data protection authorities’ enforcement engine is starting to warm up. In Italy, for example, the Italian DPA, the Garante, started the year by handing down some very important fines. Beginning with provisions no. 231 and no. 232 issued Dec. 11, 2019, and published Jan. 17, 2020, against one of the global leading oil companies and with provision no. 7 issued Jan. 15, 2020, again... Read More

The U.S. is in the throes of a pandemic caused by the SARS-CoV-2 virus, COVID-19. Realizing that long-term lockdowns are not sustainable, governments are seeking alternative methods of controlling the pandemic. “Testing and tracing” has been touted as a way to reopen economies with the pandemic still raging. While testing has its own set of privacy challenges, the methods discussed to accomplish contact tracing are rife with problems. In simple terms, contact tracing involves determining who ha... Read More

The U.K. Information Commissioner's Office has published six data protection steps businesses can follow as lockdown measures begin to ease during the COVID-19 pandemic. The ICO recommends businesses only collect information as needed, to be transparent about what data they gather from staff and to keep all data secure. The agency also answers questions on its pandemic regulatory approach and COVID-19 testing.Full Story... Read More

As COVID-19 is rapidly spreading around the world, public health authorities are eagerly searching for effective measures to flatten the curve and decrease the rate of contamination. Among others, many governments are using or considering using surveillance technology to track the movements of people infected by COVID-19 and notify those who may have been exposed to the virus. Naturally, the use of such measures on a wide scale raises serious privacy concerns. In Israel, for example, there is a ... Read More

Reuters reports on the technical measures India has implemented to track the spread of the COVID-19 pandemic. Indian officials have called upon local companies to develop technology powered by artificial intelligence to help in these efforts. One such initiative sponsored by the federal government would use thermal cameras to track whether a person is wearing a mask. Municipal workers in northern Chandigarh were ordered earlier this year to wear GPS devices to track their efficiency, which spark... Read More

The U.K. National Health Service COVID-19 smartphone application launched in England and Wales, allowing users to trace contacts, assess risk level and record visits to establishments, Reuters reports. The app launched four months after the government said it would arrive. Health Secretary Matt Hancock said the app involved extensive work with technology companies, privacy experts and others, noting it is “secure” and “simple to use.” Meanwhile, in the U.S., the Pennsylvania Department of Health... Read More

In the Spanish region of Catalonia, the government created a public-private health observatory where epidemiological, mobile and environmental data is processed to manage COVID-19, ZDNet reports. The data is anonymized and gathered from public databases and mobile operators. Those involved said the tools developed by the observatory can be used by epidemiologists in pandemic response. “We need models on how epidemics evolve, and data is crucial in adjusting these models,” Computer Science Profes... Read More

The Dutch data protection authority, Autoriteit Persoonsgegevens, says COVID-19 app CoronaMelder insufficiently guarantees user privacy, and a law should be introduced to properly regulate its use. The AP, which raised concerns about the app's software following the Google Apple Exposure Notification framework, advised the government not to use the app until concerns are addressed. It says a law should authorize the Minister of Health, Welfare and Sport to process data and should also contain pr... Read More