Monthly Archives: March 2020

No CE Marking Required for Surgical Masks and Personal Protective Equipment

Legal news, , , , , ,

In the wake of the COVID-19 pandemic, the Italian Government lifted regulatory requirements for the manufacturing, importing and placement on the market of surgical masks and other personal protective equipment.

The measures were prompted by a failure of existing manufacturers and importers to meet the demands of hospitals, healthcare professionals and individual citizens alike, and are seen as generally in line with the Commission Recommendation (EU) 2020/403 of 13 March 2020 on conformity assessment and market surveillance procedures within the context of the COVID-19 threat (https://eur-lex.europa.eu/legal-content/GA/TXT/?uri=CELEX:32020H0403).

The new emergency regulations (law decree 18/2020 – http://www.governo.it/it/articolo/decreto-legge-17-marzo-2020/14333) provide that manufacturers, importers and other businesses who intend to commercialize surgical masks and personal protective equipment, are required to submit a self-certification to the National Health Institute (“Istituto Superiore di Sanità” – https://www.iss.it/) or to the National Workers Insurance Agency (“INAIL”) respectively, whereby they describe the technical specifications of the devices/equipment and declare that the devices/equipment meet the safety requirements set forth in applicable legislation. The competent authorities are then required issue a compliance decision within 3 days from the submission.

The technical procedures for the submission to the authorities have now also been implemented and, with reference to surgical masks, they require an additional certification from the applicants concerning the compliance of the devices with quality standards UNI EN 14683:2019 and UNI EN ISO 10993-1:2010. A quality system should also be implemented, but such system does not need to be certified: the implementation of adequate procedures and traceability measures would be sufficient to meet the applicable requirements.

While certain regulatory requirements are meant to remain place in order to ensure the reliability of products placed on the market, the authorities are hopeful that the new emergency measures will provide relief to hospitals and healthcare operators operating under the current extraordinary circumstances.

EDPB on Privacy & Covid-19 Today

Legal news

You may have heard that Israel has started processing cellphone data in order to track contacts and movements of individuals who are positive to Covid-19 in order to trace other people with whom they have come into contact. 

The European Data Protection Board has just issued an opinion on data protection and Covid-19 stating that:

 Insofar as possible, processing of data should be anonymous;
 When it is not possible to only process anonymous data, Art. 15 of the ePrivacy Directive enables the member states to introduce legislative measures pursuing national security and public security. This emergency legislation is possible under the condition that it constitutes a necessary, appropriate and proportionate measure within a democratic society. If such measures are introduced, a Member State is obliged to put in place adequate safeguards, such as granting individuals the right to judicial remedy.

If you have some time to reflect on the privacy aspects of the coronavirus, you may be interested in checking the varied approach of different EU Data Protection Authorities. 

 Italy: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9282117
 Belgium: https://www.autoriteprotectiondonnees.be/covid-19-et-traitement-de-donn%C3%A9es-%C3%A0-caract%C3%A8re-personnel-sur-le-lieu-de-travail
 UK: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/03/data-protection-and-coronavirus/
 France: https://www.cnil.fr/fr/coronavirus-covid-19-les-rappels-de-la-cnil-sur-la-collecte-de-donnees-personnelles
 Germany: https://www.bfdi.bund.de/DE/Datenschutz/Themen/Gesundheit_Soziales/GesundheitSozialesArtikel/Datenschutz-in-Corona-Pandemie.html

Stay safe!

COVID-19 Infects Smart Working and Data Protection Rules

Legal news, , , , ,

The unfortunate spread of COVID-19 throughout Italy led to some interesting legislative measures.

Smart Working

Thanks to a Decree of the Prime Minister adopted on March 1, 2020, the employers could employ their workers by remote working, even without the individual agreements in writing mandated by Law no. 81/2017. 

  • Remote or “smart” working is not mandatory. It is up to the employer, given its responsibility for the organization of the working activity, to decide whether or not to adopt remote working both for employees who work in areas at risk and for employees who live in such areas but work outside.
  • Secondly, for the next six months the principle of consent, on which remote working is based, will be waived: the employer will be able to arrange such method of working “even in the absence of individual agreements”. In case of refusal by the employee, disciplinary sanctions may be applied. On the contrary, the employee may not use smart working without a specific indication by the employer.
  • With regards to formal requirements, no precise written provision is needed. An e-mail or a verbal arrangement may be sufficient.

During this time, smart working will be considered as a measure of health and safety at work and the employers should provide for the relevant IT instruments to allow the employee to arrange remote working.

Moreover, last February, before the outbreak of COVID-19 crisis, Regione Lombardia already launched a campaign to make public funds available for employers that never implemented plans of smart working. The employers can send the application starting from April 2, 2020, until December 15, 2021, up to availability of the subsidies. We could assist the employers to define the relevant plan.

Data Protection

Ordinance no. 630, adopted on February 3, 2020, as an emergency measure to contrast corona virus has been approved by the Italian Data Protection Authority. Surprisingly, it in fact lowers the protection of individuals in light of the public interest.

More specifically, the Italian Data Protection Authority pointed out that, pursuant to Section 9 of GDPR, certain personal data may be legitimately processed for reasons of public interest in public healthcare – particularly in case of serious cross-border threats against healthcare – while ensuring appropriate measures to protect the rights of the concerned individuals, with a specific focus on professional secrecy.

In light of the above and considering the ongoing COVID-19 crisis, the measures taken allow personal mobile communication data and geolocation to be analysed in order to trace connections and contacts amongst individuals. However, such decision does not set forth specific countermeasures in order to protect the rights of the concerned individuals.