Santa Clara University professor and privacy law expert Eric Goldman says CCPA enforcement should be delayed.

“The DOJ should relax the July 1, 2020 enforcement date. California has declared a state of emergency and is on indefinite lockdown due to COVID-19. This is not business as usual” – says Goldman.

“These circumstances significantly hamper businesses’

Canada’s Office of the Privacy Commissioner weighs in on data processing under COVID-19:

“There are some circumstances under which organizations may collect, use or disclose personal information without consent, including:

  • Collection in the interests of the individual and consent cannot be obtained in a timely way, e.g. critical illness.
  • Collection and use for making a

Ireland’s Data Protection Commission weighs in on the issue of COVID-19 and data access requests:

“The Data Protection Commission acknowledges the significant impact of the Covid-19 health crisis which may affect organisations’ ability to action GDPR requests from individuals, such as access requests.

While the statutory obligations cannot be waived, should a complaint be made

Coronavirus and Data Protection: New York Department of Financial Services had extended the deadline for compliance with its cybersecurity requirements.

  • The Superintendent of Financial Services of the State of New York recognizes that COVID-19 may present compliance challenges for certain regulated entities and persons in meeting their legal obligations.
  • Therefore the deadline for submission of

Should enforcement of the California Consumer Privacy Act be delayed?

The current outbreak of COVID-19 warrants delaying enforcement of California’s new privacy law to January 2021, dozens of organizations say in a letter sent this week to state Attorney General Xavier Becerra.

“Now is not the time to threaten business leaders with premature CCPA enforcement

Coronavirus and Data Protection guidance from the Catalan Data Protection Authority:

  • Under Articles 6.1.(e) and 9.2.(i) GDPR, health authorities may share health data when this is needed for reasons of public interest in the field of public health, such as protection against serious trans-boundary health threats, or to guarantee high levels of quality and safety

The Czech Republic’s Data Protection Authority, Urad pro Ochranu Osobnich Udaju, provides its guidance on GDPR and COVID-19:

  • Public health authorities are authorized to process personal data to the extent and for the purpose laid down by Act No. 258/2000 on public health protection. This includes taking appropriate measures to reduce the spread of contagious

Following a series of opinions from individual nations’ Data Protection Authorities, the European Data Protection Board (EDPB) has issued long-awaited guidance on compliance with the General Data Protection Regulation under the strain of a pandemic.

The EDPB does not go into detail regarding legal bases but states that:

  •  GDPR does not get in the way

The Austrian Data Protection Authority weighs in on Coronavirus and GDPR:

  •  Employers may collect the personal contact information of employees for the purpose of efficient communication during the pandemic. This information may not be used for any other purpose and must be deleted after the pandemic is over.
  • Collecting this information is permissible under Art.