EDPB Assigns Mandates to Develop Guidance on Data Processing and COVID-19
Time 2 Minute Read
Categories: European Union, Health Privacy, International, Workplace Privacy

On April 7, 2020, the European Data Protection Board (the “EDPB”) announced that it had assigned mandates to its expert subgroups to develop guidance on several aspects of data processing amidst the COVID-19 crisis.

In particular, the EDPB assigned a mandate to the technology expert subgroup to focus on geolocation and other tracking tools. The EDPB indicated that the guidance will focus on several issues, including (1) the use of aggregated and anonymized location data; (2) applying data protection principles (such as lawfulness, necessity, proportionality, accuracy and data minimization) to available tools for tracking individuals and their location; (3) a general legal analysis of apps used to contain the spread of COVID-19; (4) the safeguards necessary to ensure compliance with data protection principles; (5) recommendations regarding contact tracing applications; and (6) limiting the measures taken in response to COVID-19 to a specific timeframe.

In addition, the EDPB assigned a mandate to the compliance, e-government and health expert subgroup to focus on processing health data for research purposes in the context of COVID-19. The guidance will focus on (1) processing health-related data to advance scientific and medical research; (2) applying data protection principles (such as lawfulness, proportionality, transparency, compliance with data subject rights requests, and storage limitation) to the processing of health-related data; (3) re-use of medical research data in connection with COVID-19 data sharing; and (4) information dissemination and data subjects rights in an emergency situation.

Tags: Coronavirus/COVID-19, EU Member States, European Commission, European Data Protection Board, GDPR, Personal Data
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
European Commission Seeks Feedback on Draft Cyber Resilience Act Guidelines

On March 3, 2026, the European Commission published draft guidelines intended to clarify the application of the Cyber Resilience Act and opened a public consultation to gather feedback from stakeholders.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 6 Minute Read
NetChoice Files Suit Challenging South Carolina Age-Appropriate Code Design

On February 9, 2026, trade association NetChoice filed a lawsuit challenging South Carolina’s newly passed Age-Appropriate Code Design (“SC AACD”) on First and Fourteenth Amendment grounds. The SC AACD was signed into law on February 5, 2026, making South Carolina the fifth U.S. state to enact such a law, following California, Maryland, Nebraska and Vermont.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Congress Extends Cybersecurity Information Sharing Act of 2015 through September 2026

Congress has extended the Cybersecurity Information Sharing Act of 2015 through September 30, 2026 as part of the Consolidated Appropriations Act, a government funding package enacted in early February 2026.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page