29 Mar Guidance on the processing of personal data and cybersecurity in the context of the COVID-19 pandemic
Paolo Balboni – ICT Legal Consulting Founding Partner – and his team, without the presumption of completeness, has proceeded to map official resources that provide guidance on the correct processing of personal data in the context of COVID-19 and Cybersecurity-related information on working remotely in the context of the pandemic.
An updated version of the list can be found on Paolo Balboni’s personal blog.
Cybersecurity: Information on working remotely in the context of the COVID-19 pandemic
European Commission, ENISA, CERT-EU and Europol – COVID-19 Joint Statement
EU Agency for Cybersecurity (ENISA) – Tips for cybersecurity when working from home
UK Information Commissioner’s Office – Data security – a guide to the basics
UK National Cyber Security Centre (NCSC) – NCSC issues guidance as home working increases in response to COVID-19
Privacy and Data Protection: Processing of personal data in the context of COVID-19
Statements from EDPS, EDPB and UN
European Data Protection Board – Statement of the EDPB Chair on the processing of personal data in the context of the COVID-19 outbreak and Statement on the processing of personal data in the context of the COVID-19 outbreak Adopted on 19 March 2020
European Data Protection Supervisor – Monitoring the speed of COVID-19, EDPS Comments to DG CONNECT of the European Commission on monitoring of COVID-19 spread
United Nations Special Rapporteurs – COVID-19: States should not abuse emergency measures to suppress human rights
National Statements and Guidance
Canada – Office of the Privacy Commissioner of Canada, Announcement: Commissioner issues guidance on privacy and the COVID-19 outbreak and Guidance: Privacy and the COVID-19 outbreak, Office of the Information and Privacy Commissioner of Alberta Privacy in a Pandemic
France – Commission Nationale de l’Informatique et des Libertés, Coronavirus (Covid-19): les rappels de la CNIL sur la collecte de données personnelles;Recherches sur le COVID-19 : la CNIL se mobilise
Germany – Office of the Federal Commissioner for Data Protection and Freedom of Information, DSK provides information on data protection and Coronavirus and German Data Protection Supervisory Authorities joint information paper on data protection and the Coronavirus pandemic
Hong Kong – Privacy Commissioner for Personal Data, The Use of Information on Social Media for Tracking Potential Carriers of COVID-19 and Privacy Commissioner Responds to Privacy Issues Arising from Mandatory Quarantine Measures and Provides Updates on Doxxing
Italy – Garante per la protezione dei dati personali, Coronavirus: No do-it-yourself (DIY) data collection, says the Italian DPA, Italian state – Urgent provisions for the strengthening of the National Health Service in relation to the COVID-19 emergency and Italian state – March 14 Shared protocol for the regulation of measures for counteracting and containing the spread of the Covid-19 virus in workplaces
Mexico – National Institute for Transparency, Access to Information and Personal Data Protection, Ante casos de COVID-19, INAI emite recomendaciones para tratamiento de datos personales, Suspende INAI eventos públicos, por recomendación de la SSA para evitar contagio de COVID-19, and Adoptará INAI como medida de prevención el trabajo a distancia ante COVID-19
Slovakia – Office for Personal Data Protection of the Slovak Republic, Statement of the EDPB Chair on the processing of personal data in the context of the COVID-19 outbreak and Coronavirus and processing of personal data
Spain – Agencia Española de Protección de Datos, Report from the State Legal Service Department on Processing Activities Relating to the Obligation for Controllers from Private Companies and Public Administrations to Report on Workers Suffering from Covid-19, Covid-19 FAQs, La AEPD publica un informe sobre los tratamientos de datos en relación con el COVID-19, Campañas de phishing sobre el COVID-19; Comunicado de la AEPD sobre apps y webs de autoevaluación del Coronavirus
United Kingdom – Information Commissioner’s Office (ICO), Data protection and coronavirus: statement for health and care practitioners; COVID-19: general data protection advice for data controllers; and The power of data in a pandemic
The content of this article has undergone an update. Please read this post for the updated version.