General Data Protection Regulation (GDPR)

The European Data Protection Board issues guidance on consent, in reliance upon the Working Party Article 29 Guidelines on Consent.

Key additions/ takeaways.
  • Consent relying on an alternative option offered by a third party fails to comply with the GDPR.
  • A service provider cannot prevent data subjects from accessing a service on the basis that

Data Protection Authorities for France and the Netherlands have weighed in on the use of temperature taking in the fight against the spread of COVID-19.

Netherlands’ Autoriteit Persoonsgegevens:

“We hear that all kinds of organizations use different means to check people quickly for fever. Not only with a thermometer, but also with thermal cameras”

“That’s not allowed. This is a serious offense under [GDPR] . If this happens, we will enforce.”

“We don’t want to wake up in a few months in a society with a kind of Chinese situation, in which the employer is constantly watching you and can even see your care data and have all kinds of consequences.”

  • Employers may not check people’s temperature and process their health data.
  • Consent as a legal basis is not possible in an employment relationship, because an employee may feel pressured to give permission.
  • Only a doctor should do health tests and process the medical data of personnel.
  • You may not check temperature of visitors or vendors either. Consent here is not possible because there is no equivalence here either. The visitor will feel compelled to agree.
  • Employees of companies that measure temperature should report this to the works council and to the data protection officer.
Spain’s Agencia Española Proteccíon Datos:


Continue Reading Temperature-Taking Under GDPR: Guidance from Spain, the Netherlands

Coronavirus and Data Protection: The UK Information Commissioner’s Office has issued an opinion on the Google-Apple joint initiative for contact tracing apps.

Key Takeaways

  • The Google and Apple framework appears to be aligned with data protection principles.
  • The app developers have primary responsibility to ensure data protection principles are met.
  • There must be transparency as

The European Law Blog posts on how COVID-19 related data collection activities in third countries should affect EU data transfer adequacy decisions.

“The data collection and processing measures taken in third countries to combat the coronavirus are relevant to an evaluation of the continued validity of existing adequacy decisions and the potential conclusion of new

Healthcare data company CENTOGENE announced it has joined forces with blockchain startup Ubirch to create a solution to secure results of COVID-19 mass testing that takes into consideration General Data Protection Regulation (GDPR) compliance.

Based on the premise that absent a vaccine widespread testing is inevitable to permit the return of social interaction, the solution

Isle of Man has issued guidance on data protection during the coronavirus pandemic.

Key Takeaways

  • Data protection law does not stand in the way of fighting the pandemic.
  • Data protection principles must still be observed while fighting the pandemic.
  • Be proportionate in the data you collect.
  • Compliance with data protection principles is difficult during this

The head of the EU Parliament’s Civil Liberties Committee says the group is monitoring efforts to use smartphone data tracking to fight COVID-19.

“Even in these exceptional times, the EU’s data protection principles, namely the General Data Protection Rules (GDPR) and the e-Privacy Directive, must continue to apply and be respected,” said Juan Fernando López

Hungary’s Data Processing Authority offers a GDPR compliance to do list for employers.

  • Collect and process only what you need
  •  Abide by the emergency laws
  •  Devise a pandemic contingency plan
  •  Adopt full transparency

Read my detailed analysis on the Hungary Nemzeti Adatvédelmi és Információszabadság Hatóság guidance.

Ireland’s Data Protection Commission has issued advice on protecting data privacy when using videoconferencing.

Organizations should:

  • Use contracted service providers for work-related communications. Ensure you are happy with the privacy and security features of the services you ask employees to use.
  • Ensure that employees use work accounts, email addresses, phone numbers, etc., where possible, for