The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic.

Its provisions are closer to the European Union’s General Data Privacy Regulation (GDPR) than the California Consumer Privacy Act (CCPA) and include:

  • Controller and processor obligations
  • Right of correction
  • Provisions regarding profiling

The European Data Protection Supervisor has issued guidance on data protection and body temperature taking.

Key takeaways:
  • Basic body temperature checks designed to measure body temperature only, operated manually and not followed by registration, documentation or other processing of individuals’ personal data are, in principle, not subject to the regulation.
  • Other systems of temperature checks,

Poland’s data protection authority, the UODO, offers guidance on email monitoring in the workplace:

  • The employer may introduce monitoring of the employee’s e-mail when it is necessary in the employer’s opinion to ensure work organization that allows full use of working time and proper use of the work tools provided to the employee.
  • The monitoring

Data Protection Authorities in the German states of Lower Saxony, North Rhine-Westphalia, Hesse, Hamburg and Brandenburg have launched a large scale inquiry against media websites to examine the use of tracking techniques and specifically whether the cookie banners they apply on their respective websites meet the requirements for a voluntary and informed consent of the

Poland’s Data Protection Authority  UODO weighs in on “employee of the month” postings in the workplace.

  • The employer may, under certain conditions, display the best performance results in the workplace, based on his individual assessment.
  • The processing of employees’ personal data for the purposes of the efficient and effective functioning of the workplace may be

In a letter to the country’s Social Security Administration, Iceland’s Data Protection Authority Personuvernd states that IP addresses are not a reliable way to determine a person’s true location.

The DPA was reviewing a decision of the state Social Security Administration that had relied on an IP address to determine whether individuals on the unemployment

Per the German DSK (the Conference of Independent German Federal and State Data Protection Supervisory Authorities), emails need to be encrypted in order to meet the minimum requirements of Article 32 of the General Data Protection Regulation (GDPR).

This means:
  • TLS (transport layer encryption) at minimum
  • Additional measures like end-to-end encryption and qualified transport encryption

The COVID-19 pandemic has upended global business, but European regulators say it won’t stop them from promoting privacy and data protection, according to the International Association of Privacy Professionals.

“What’s clear about the regulators’ enforcement strategies is that they each intend to keep pushing data protection forward, knowing its general importance is only growing as