DPAs respond to Covid-19

We are all affected by the coronavirus pandemic, and not least in our private lives. Suddenly restrictions to civil liberties that would have seemed draconian feel acceptable if suitable safeguards are provided, for example, using mobile phone data to monitor the spread of the virus by means of tracking our movements. It is pleasing that the global DPA community has concluded that data protection law does not stop data sharing for Covid-19 purposes – but at the same time we need to stay vigilant that the current exceptions do not become the norm in future. DPAs have issued statements and guidance on the coronavirus situation for organisations whose privacy compliance teams are now often working remotely. Much of that is related to the kind of data which can be gathered on employees, but there is also guidance on how to manage data security issues for remote workers. In addition, the European Union Agency for Cybersecurity (ENISA) on 24 March issued its top tips for cybersecurity when working remotely.

For everyone who has suddenly needed to take up new technologies to organise virtual meetings, Zoom has become a popular option. However there have been reports of Zoom’s bad track record with data protection measures. Zoom has defended itself by saying that “No data regarding user activity on the Zoom platform – including video, audio, and chat content – is ever provided to third parties for advertising purposes.” In the US, a class action lawsuit has been launched, and on 1 April the Hong Kong Privacy Commissioner for Personal Data made data security recommendations to Zoom users.

Before the travel restrictions kicked in, I was in Finland to interview the Ombudsman and his Deputy, and a travel app company Whim. Other articles in this issue include a world first analysis (in English) of Indonesia’s new data protection Bill, updates on Canada, Iran, Dubai, data ethics, facial recognition, and privacy aspects of gender equality. In this issue, we also report on digital identity developments in Africa and the Middle East.

Unfortunately, we have had to move Nowhere to Hide, PL&B’s 33rd Annual International Conference from Cambridge to London and from summer to autumn. Please see our website at www.privacylaws.com/ac for a speaker list and details of their sessions. Most speakers will be, in principle, available for our conference, which we can arrange only when social distancing stops and travel starts.

Laura Linkomies
Editor, Privacy Laws & Business

April 2020