EU and U.S. Privacy and Security Considerations for COVID-19 Data Processing Activities from Pandemic to Living With COVID


Orrick partner Thora Johnson co-authored this article with Douglas McMahon, a partner at McCann FitzGerald, exploring privacy and security considerations for companies that collect personal health information in Covid-related data processing. The article is part of the European American Chamber of Commerce’s “Digitalization” Series.

“As we move into the ‘living with Covid’ stage of the pandemic, the associated processing of personal data will increasingly be undertaken by private sector operators,” the authors explain. “A key part of any plans by such operators should be their GDPR compliance program, given the well-publicized potential fines and damages claims that may arise in the event of a breach of GDPR obligations.”

The article added: “Unlike the EU, the U.S. has a patchwork of federal and state laws that regulate the privacy and security of personal information, including health information. Much testing and tracing has been conducted by private companies, and these companies have several U.S. laws to consider.”