
Tag Archives for " guidance "

EDPS Investigation into EU institutions’ use of Microsoft products and services

EDPS issued a Public Paper detailing its findings and recommendations on the use of Microsoft products and services by EU institutions.

These findings may help any public administration when contracting ICT services, because of the similarities between the General Data Protection Regulation (GDPR) and Regulation (EU) 2018/1725, which applies to the EU institutions.

Source: The Hague Forum: Reinforcing cooperation for fair IT contracts in Europe | European Data Protection Supervisor

CNIL Updates Data Protection Guidance for Employers in the Context of Lifting COVID-19 Containment Measures

On May 7, 2020, the French Data Protection Authority updated its previous guidance for employers relating to the processing of employee and visitor personal data in the context of the COVID-19 outbreak, in particular, in the context of lifting containment measures.

Some employers may consider implementing systematic body temperature checks at the entrance to their premises. Similarly, employers may wish to assess employees’ exposure to the virus or their health statuses when they return to work. The Updated Guidance analyzes some of these practices and outlines the principles applicable to data processing activities.

Source: CNIL Updates Data Protection Guidance for Employers in the Context of Lifting COVID-19 Containment Measures | Privacy & Information Security Law Blog

ICO Issues New Guidance On Covid-19 Testing And Monitoring In The Workplace

The Information Commissioner’s Office (ICO) has published guidance for employers on complying with data protection law when taking steps to manage Covid-19 health and safety risk in the workplace.

The Guidance focuses on ‘testing’ of employees (which includes collecting data about symptoms and conducting temperature checks, as well as collecting data about Covid-19 test results), but also touches on other measures which businesses might be considering in order to monitor employee movements within the workplace.

Source: UK: ICO Issues New Guidance On Covid-19 Testing And Monitoring In The Workplace

No cookie consent walls — and no, scrolling isn’t consent, says EU data protection body

On 4 May, the European Data Protection Board (“EDPB”) adopted an updated version of its guidelines on consent.

The EDPB stated that you can’t make access to your website’s content dependent on a visitor agreeing that you can process their data — aka a ‘consent cookie wall’. The EDPB also stated that scrolling on a website or digital service cannot — in any way — be interpreted as consent.

Source: No cookie consent walls — and no, scrolling isn’t consent, says EU data protection body | TechCrunch

German Federal Agencies Publish Privacy and IT Security Requirements for Digital Health Applications

On April 21, 2020, the Regulation on the Requirements and Reimbursement Process for Digital Health Applications (DiGAV) entered into force in Germany.

Among other provisions, the DiGAV includes specific IT security and privacy requirements. Shortly after the law took effect, Germany’s Federal Medicines and Medical Devices Agency (“BfArM”) also released an extensive explanatory Guidance to the DiGAV.

While the scope of application of the DiGAV and the BSI draft guidance may be limited, the documents can serve to provide useful insights and benchmarks for health applications generally.

Full article: German Federal Agencies Publish Privacy and IT Security Requirements for Digital Health Applications

EDPB adopts further COVID-19 guidance

During its 23rd plenary session, the EDPB adopted guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak and guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak.

The guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak aim to shed light on the most urgent legal questions concerning the use of health data, such as the legal basis of processing, further processing of health data for the purpose of scientific research, the implementation of adequate safeguards and the exercise of data subject rights.

The guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak aim to clarify the conditions and principles for the proportionate use of location data and contact tracing tools, for two specific purposes:

1. using location data to support the response to the pandemic by modelling the spread of the virus in order to assess the overall effectiveness of confinement measures;
2. using contact tracing, which aims to notify individuals who may have been in close proximity to someone who is eventually confirmed as a carrier of the virus, in order to break the contamination chains as early as possible.

Source: European Data Protection Board – Twenty-third Plenary session: EDPB adopts further COVID-19 guidance | European Data Protection Board

CNIL’s New Guidelines on HR Processing

The French Data Protection Authority (CNIL) has recently released new guidelines regarding human resources processing operations.

When the GDPR became effective, the CNIL’s previous set of HR data guidelines became out of date, as they did not incorporate the new law’s requirements (e.g. obligations relating to records of processing activities and Data Protection Impact Assessments).

The new guidelines include a comprehensive grid of applicable legal bases for processing related to each standard HR purpose, including: compliance with a legal obligation, performance of a contract or steps taken prior to entering into a contract, legitimate interests, or tasks performed in the public interest or in the exercise of official authority vested in the controller.

Source: CNIL’s New Guidelines on HR Processing

EU publishes toolbox for coronavirus tracking apps

Contact tracing apps, if fully compliant with EU rules and well coordinated, can play a key role in all phases of crisis management, especially when the time is ripe to gradually lift social distancing measures.

The EU has therefore developed a toolbox for the use of mobile applications for contact tracing and warning in response to the coronavirus pandemic. The toolbox is accompanied by guidance on data protection for such mobile apps.

Source: Coronavirus: An EU approach for efficient contact tracing

Belgian DPA Releases Guidance Materials and FAQs on Cookies and Other Tracking Technologies

On April 9, 2020, the Belgian Data Protection Authority released guidance and a set of frequently asked questions regarding the use of cookies and other tracking technologies.

According to the FAQs, the main elements regarding the use of cookies and other tracking technologies are: transparency (users must be informed about the use of cookies), consent (consent should be obtained for the use of all non-essential cookies) and cookie lifespan (the lifespan of a cookie must be limited to what is necessary to achieve the cookie’s purpose, and cookies should not have an unlimited lifespan).

Read more: Belgian DPA Releases Guidance Materials and FAQs on Cookies and Other Tracking Technologies

Privacy issues for employers during COVID-19

As COVID-19 becomes our new normal, we increasingly see the tension between protecting the public’s health and privacy rights. Employers are faced with providing a safe work environment while complying with applicable privacy laws.

The situation for employers is made more challenging because it is fluid – each day there is new information about the disease, what protections are appropriate and the level of infection in a particular community. All these factors potentially impact the analysis of how much personal information should be collected and shared by employers.

Full article: Privacy issues for employers during COVID-19
