What practical insight/tips do you have on how Covid-19 has impacted compliance with the General Data Protection Regulation (GDPR), data protection and privacy requirements, particularly in respect of using video conferencing technology for hearings?

What practical insight/tips do you have on how Covid-19 has impacted compliance with the General Data Protection Regulation (GDPR), data protection and privacy requirements, particularly in respect of using video conferencing technology for hearings?

Produced in partnership with Hamish Corner and Shruti Goel of Shoosmiths LLP

ICO’s approach in light of coronavirus (COVID-19)

On 15 April 2020, the UK’s supervisory body for data protection, the Information Commissioner’s Office (ICO) issued a statement and document setting out how it shall be adjusting its regulatory approach during the current coronavirus (COVID-19) pandemic, with a focus on safeguarding information rights in an ‘empathetic and pragmatic way’ as a result of:

  • staff and capacity shortages organisations are facing, with furloughed employees
  • acute financial pressures that many organisations are presently under, and
  • public bodies, redeploying resources to meet severe front-line pressures

The document includes details of the ICO’s stance towards taking formal regulatory action, including issuing fines, namely, that it will take into account whether an organisation’s difficulties result from the coronavirus crisis, and if the organisation has plans to rectify any breaches at the end of the crisis. The statement and document puts into context how data protection regulations, such as Regulation (EU) 2016/679 (the General Data Protection Regulation (GDPR)) and the Data Protection Act 2018, will be managed during the coronavirus pandemic. See: Information Commissioner’s Office shares regulatory approach during coronavirus (COVID-19), LNB News 15/04/2020 74 and for information on data protection considerations in respect of dispute resolution proceedings more generally, see Practice Note: Dispute resolution—data protection and GDPR considerations.

Court’s approach to remote hearings

Due to the challenges presented by coronavirus, the vast majority of cases heard in England and Wales now use audio and video technology. Various new guidance has been issued by the courts on remote hearings due to the exceptional circumstances. For further guidance on remote hearings generally and during times of coronavirus, including on CPR PD 51Y and the Coronavirus Act 2020, see Practice Notes: Remote hearings in civil proceedings via video-conferencing and telephone and Practical guide to remote hearings in the criminal courts during the coronavirus (COVID-19) pandemic.

Privacy concern of home video hearings

The primary privacy concern in conducting video hearings in participants’ homes, is the extent of excessive video and audio data captured by microphones and cameras, collected as a by-product of the hearing taking place in a participant’s homes by video. For example, participant’s family members appearing in the background (including children), personal items such as family photos, medication or documentation being visible.

To circumvent some of these issues, consideration may be taken as to whether participants should be required to blur their backgrounds to create additional privacy when joining a video hearing, as well smart speakers being turned off. All individuals engaged in the video hearing should also agree that no screen shots are taken of participants, or their homes.

Privacy and security issues of video conferencing platforms for video hearings

HMCTS outlines the use of eg BTMeetMe and Kinly videoconferencing software for audio and video hearings, but do not detail any additional security measures to be taken, when using the platforms.

The ICO has issued the blog titled ‘Video conferencing: what to watch out for’, which outlines the key considerations organisations should consider when using video conferencing technology, including:

  • transparency of video conferencing technology—providing participants with information on how their personal data will be processed through the privacy and security features of the platform, and how to change any settings
  • awareness of phishing risks in a video chat—bringing awareness to participants on the risks of the ‘live chat feature’, which can be used by cyber criminals to spread phishing messages through links or attachments
  • choice of platform—the video conferencing platform’s privacy policies should be reviewed to ensure it deploys equivalent measures to those of the organisation adopting the technology

For sensitive hearings, the need for end-to-end encryption should also be considered. 

Management of public access to video hearings

The Protocol Regarding Remote Hearings issued by HMCTS outlines (with reference to CPR PD 51Y and also the new section 85A of the Courts Act 2003) that, with the exception of proceedings that the court directs to take place privately, to ensure the administration of justice, to the extent possible remote hearings shall remain public. Accordingly, hearings will be recorded by tape and digitally to enable relaying recorded versions to an open court room, media representatives will be permitted to log into remote hearings and live streaming of hearings may also take place over the internet.

For general guidance on public access to court hearings, see Practice Note: Public and private hearings.

Courts’ compliance with GDPR in court hearings

HMCTS has a Personal Information Charter which outlines privacy policies for each type of hearing including civil, criminal and family, as well as any related documentation processed by the relevant court or tribunal.

Related Articles:
Latest Articles: