Privacy & Security
As businesses begin to reopen and resume operations after the pandemic, there are discussions surrounding possible vaccine passports and the concerns protecting individuals’ personal health information. COVID-19 vaccines are becoming more available within the country and more Americans feel safe to resume their normal lives. Many states and businesses are contemplating the idea of making vaccine passports a requirement for travel and large events. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) was created to protect personal health information. As other countries are beginning to require proof of vaccination, many are contemplating whether vaccine passports are permitted by HIPAA or if the requirement will actually violate the federal health privacy law.
Peloton has a coined the term “together we go far” as their company slogan, and over the course of this year that is exactly what this company has done. Since the company launched in 2012, Peloton has gone far and wide delivering their fitness technology to millions of people across the globe. Peloton is an international company that designs at-home gym equipment and produces virtual workout classes for their customers to live-stream or watch on-demand through their Peloton products. Peloton provides an outlet for fitness and competition while building a positive and inclusive community for their members across the United States and the world. Of the millions of members in the Peloton community, one is our leading man in office President Joe Biden.
There’s no doubt that remote work, brought on by the coronavirus pandemic, will accelerate the digital revolution already underway. Consumers’ growing appetite to conduct their business online, rather than in-person, has fueled the proliferation of digitally accessible products and services. For instance, movie theaters have closed their doors while content streaming services have experienced exponential growth. And while the restaurant industry, as a whole, has suffered, ‘virtual’ kitchens and grocery delivery apps have picked up steam. A critical question that arises from these trends is “what can be done to eliminate biases in the algorithms that drive these digital transactions?”
Lydia Bayley Associate Editor Loyola University Chicago School of Law, JD 2022 While the COVID-19 pandemic undeniably pushed many legislative agendas to the backburner, some seem to be heating back up. With the 117th Congress now in session, data privacy is once again moving to the forefront of federal legislative debate. For decades, the United States has …
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) issued its deafening decision that summarily and immediately invalidated the EU-US Privacy Shield. The regulatory program established between the European Council and the U.S. Dept. of Commerce allowed for the transfer of personal data of EU residents to be sent from the EU to the US without violating the data transfer restrictions of the General Data Protection Regulation (“GDPR”). The decision went on to cast serious doubt on the sufficiency of standard contractual clauses to adequately protect data transferred to any third country, not just the US. Several months later, data exporters in the EU are still sorting through the wreckage of their privacy programs and waiting for practical advice on the way forward.
Joanna Shea Associate Editor Loyola University Chicago School of Law, JD 2022 A common topic of COVID-adjacent conversation these days is the ‘silver lining’ – unexpected positives resulting from the dark grey cloud that has claimed over half a million lives in the United States. Emergency adaptation measures taken by industries otherwise slow to modernize …
On December 12, 2020, the European Commission (the “EC”) issued a highly anticipated draft of newly revised standard contractual clauses (“new SCCs”) that may be used by European Union-based companies to safeguard data transfers of personal data to third countries, such as the US, in compliance with GDPR Art. 46(1). The release comes at a decidedly inopportune time as it follows on the heels of the Court of Justice of the European Union’s (CJEU) Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (“Schrems II”) decision which casts serious doubt on the adequacy of SCCs alone to safeguard against the “high-risks” involved in EU to US data transfers. And for many data protection experts, the language of the revised SCCs only adds to the confusion, raising even more questions. But one question in particular seems to be prominent among others—for transfers to importers, directly subject to GDPR, are SCCs really necessary?
On December 17, 2020, the Securities and Exchange Commission (“SEC”) charged Robinhood Financial, LLC (“Robinhood”) with material misrepresentation and misleading its users about its revenue sources, specifically Robinhood’s receipt of payments from certain principal trading firms for routing its customer orders to them. The SEC charges against Robinhood also relate to certain statements about the execution quality Robinhood achieved for its customers’ orders and Robinhood’s failure to satisfy its duty of best execution. Robinhood agreed to pay $65 million to settle the charges.
President Joe Biden has issued a number of Executive Orders, many of which address the ongoing COVID-19 public health emergency. On January 21, 2021, President Biden released another pillar of his Administration’s long-term plan to direct the United States out of the throes of the pandemic. The twelfth Executive Order titled, “Ensuring a Data-Driven Response to COVID-19 and Future High-Consequence Public Health Threats” orders the Department of Health and Human Services (“HHS”) Secretary Alex Azar to conduct a nationwide review of the interoperability of public health data systems in an effort to enhance the collection, sharing, analysis, and collaboration of de-identified patient data.
It cannot be denied that the COVID-19 pandemic has led to many novel legal and regulatory issues. One topic of major concern both domestically and abroad is how to manage the massive amounts of consumer data being collected in the attempt to quell the spread of the virus. This issue is especially complicated to address in the United States, where a convoluted patchwork of state and federal laws interact to create a relentlessly fragmented data regulation system. Now, as state and local governments, along with tech giants like Apple and Google, continue to roll out contact tracing applications, the need for comprehensive data privacy regulation is more pressing than ever.