may 8, 2020 covid-19 and the gdpr - privacy+security ......2020/05/08 · covid-19 key events...
TRANSCRIPT
May 8, 2020
COVID-19 and the GDPRNikolaos TheodorakisWilson Sonsini Goodrich & Rosati
Peter FatelnigDelegation of the EU to the USA
Jay ExumPRA Health Sciences
Pamela GarayAssurant
Speaker
Peter FatelnigMinister-Counselor for Digital Economic PolicyDelegation of the European Union to the USA
Peter works for the European Union out of their Washington DC office. He is responsible for EU - US relations in Digital Economy Policy. In this capacity he also follows data protection and privacy on both sides of the Atlantic.
Speaker
Jay ExumAssistant General Counsel, Executive Director, Global DPOPRA Health Sciences
Jay leads the in-house privacy team for PRA Health Sciences, a global clinical research and healthcare intelligence company with operations in over 80 countries. His team helps PRA and its affiliates manage global privacy risk and compliance, including GDPR, CCPA, HIPAA and many others.
Speaker
Pamela GarayAssistant Vice President & International Privacy OfficerAssurant
Pamela Garay is Assistant Vice President and International Privacy Officer at Assurant, Inc., a leading provider of specialized insurance products and related services, where she leads Assurant’s data privacy program across its international business units and serves as an expert on global privacy and technology issues.
Speaker
Nikolaos TheodorakisOf CounselWilson Sonsini Goodrich & Rosati
Nikolaos regularly counsels on matters of EU data protection law, GDPR compliance, cybersecurity preparedness, advertising, and marketing and offers a full cycle of services that includes both non-contentious matters and investigations with supervisory authorities.
Agenda
• Introduction
• Covid-19: Key events and GDPR issues
• Discussion on immediate, mid and long term issues regarding Covid-19 and the GDPR
• Invite Questions
Covid-19: Key events and GDPR issues
Covid-19 Key Events
8COVID-19 and the GDPR
France goes into lockdown, first US states
go into lockdown.
Mar 17, 2020
European Union banned non-essential travel into theregion for at least 30 days.
Mar 16, 2020
Spain goes into lockdown.
Mar 14, 2020
WHO declares COVID-19as a global pandemic.
Mar 11, 2020
WHO names the virus as COVID-19.
Feb 11, 2020
Start of lockdown measures outside of China (Italy).
Mar 8, 2020
Start of lockdownin Wuhan.
Jan 23, 2020
First known COVID-19 case in US.
Jan 20, 2020
First known COVID-19 case in Europe (France).
Dec 27, 2019
Mar 13, 2020
Belgium goes into lockdown.
UK goes into lockdown.
Mar 23, 2020
Wuhan lockdown lifted.
Apr 8,2020
US announces plan to re-open economy.
Apr 16, 2020
Europe passes infection peak in most Member
States.
Apr 23, 2020
Covid-19: Privacy Concerns1. Privacy in the workplace and returning to work
2. Use of contract-tracing apps to detect and prevent Covid-19
3. Data re-use by governments, epidemiologists and the scientific community
Covid-19 Privacy Guidance Tracking
Covid-19 Privacy Guidance Tracking
Covid-19 Privacy Guidance Tracking
Covid-19 Latest Developments in the EUWilson Sonsini Covid-19 Client Advisory Resourcehttps://www.wsgr.com/en/services/practice-areas/COVID-19.html
Selected EU Data Protection Frequently Asked Questionshttps://www.wsgr.com/en/insights/Selected-EU-Data-Protection-Frequently-Asked-Questions-on-COVID-19.html
European Commission Calls for Common Approach to Covid-19 Apps and Anonymized Data Usehttps://www.wsgrdataadvisor.com/2020/04/european-commission-calls-for-a-common-approach-to-covid-19-apps-and-anonymized-data-use/
EDPB’s Response to the European Commission’s Recommendation on Covid-19 Mobile Appshttps://www.wsgr.com/en/insights/the-edpb-responds-to-the-european-commissions-recommendation-on-covid-19-mobile-apps.html
European Commission Guidance on Covid-19 Mobile Appshttps://www.wsgrdataadvisor.com/2020/04/the-european-commission-publishes-guidance-on-covid-19-mobile-apps/
EDPB’s Guidelines on Location Data and Contract Tracing Tools to Combat Covid-19, and the Use of Health Data for the Purposes of Scientific Research
Overview of COVID-19 Privacy Issues
DPOs and privacy officers will need to deal with a myriad of privacy issues at different stages of the pandemic.
Immediate Issues
●Immediate emergency support: ensure and establish (urgent) business continuity
●Establish procedures to enable (1) health data collection (temperature checks and surveys), (2) remote working and (3) employee monitoring (if necessary)
Medium Term Issues
●Review emergency actions and document compliance
●Will involve (1) documenting PIAs, LIAs and updating data maps, (2) logging equipment and technical measures, (3) reviewing compliance with various policies (monitoring, BYOD, etc.)
Long Term Issues
●Carry out a “lessons learned” review, and stress test policies for future scenarios
●Data management: ensure no repurposing of data and delete such data where needed
Discussion on immediate, mid and long term issues regarding Covid-19 and the GDPR
Questions from the audience
Questions + Contact
Nikolaos TheodorakisWilson Sonsini Goodrich & [email protected]
Peter FatelnigDelegation of the European Union to the [email protected]
Jay ExumPRA Health [email protected]
Pamela GarayAssurant