On September 30, 2021, the U.S. Department of Health and Human Services’ Office for Civil Rights issued guidance regarding when the HIPAA Privacy Rule applies to disclosures and requests for information about a person’s COVID-19 vaccination status. The guidance addresses common workplace scenarios and answers questions about whether and how the HIPAA Privacy Rule applies.
Continue Reading OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information

On August 12, 2021, the UK Information Commissioner’s Office (“ICO”) published a call for views on data protection and employment practices. The ICO intends to update its employment practices code and associated guidance, originally produced under the Data Protection Act 1998, which has now been replaced by the UK General Data Protection Regulation (“UK GDPR”) and Data Protection Act 2018 (“DPA 2018”). The ICO is requesting responses from large and small employers, workers, volunteers, trades unions, employment dispute resolution bodies, recruitment agencies, professional and trade bodies, and suppliers of employment technology solutions.

Continue Reading UK ICO Consults on Data Protection and Employment Practices

Earlier this month, the Belgian Data Protection Authority released its 2020 Annual Report, which showed the Belgian DPA’s focus on the supervision of initiatives to fight the COVID-19 pandemic involving data processing, while not losing sight of its other priorities outlined in its Strategic Plan 2020-2025.
Continue Reading Belgian Data Protection Authority Releases 2020 Annual Report

France’s highest administrative court recently issued a summary judgment that rejected a request for the suspension of the partnership between the French Ministry of Health and Doctolib, a leading provider of online medical consultations in Europe, for the management of COVID-19 vaccination appointments.
Continue Reading French Highest Court Rejects Suspension of Partnership with EU Service Provider Using AWS; Extends Application of the Schrems II Requirements

On October 13, 2020, France’s highest administrative court issued a summary judgment that rejected a request for the suspension of France’s centralized health data platform, Health Data Hub.
Continue Reading French Highest Court Rejects Temporary Suspension of France’s Health Data Hub; Calls for Additional Guarantees Following Schrems II

In an op-ed recently published by The Richmond Times-Dispatch, former Governor of Virginia and Global Strategy Advisor of the Centre for Information Policy Leadership at Hunton Andrews Kurth Terry McAuliffe discusses why a U.S. federal privacy law is essential to economic recovery in the wake of the COVID-19 pandemic.
Continue Reading McAuliffe Says Federal Privacy Law Is Essential to Economic Recovery

On August 25, 2020, Hunton’s Centre for Information Policy Leadership released a new paper entitled “Data Protection in the New Decade: Lessons from COVID-19 for a US Privacy Framework,” examining how the COVID-19 pandemic has emphasized the need for a U.S. federal privacy law.
Continue Reading CIPL Releases New Paper on COVID-19 and U.S. Privacy Law

On June 16, 2020, the European Data Protection Board released a statement on the processing of personal data in the context of reopening borders following the COVID-19 outbreak.
Continue Reading EDPB Releases Statement on the Processing of Personal Data in the Context of Reopening Borders Following the COVID-19 Outbreak