Welcome to Vital Signs, a curated compilation of the latest legal and regulatory developments in digital health. Our lead article reports on recent developments in the U.S. Food and Drug Administration's ("FDA") regulatory...more
7/22/2024
/ Algorithms ,
Artificial Intelligence ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
Digital Health ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Innovative Technology ,
Life Sciences ,
Machine Learning ,
Medical Devices ,
Personal Data ,
Pharmacies ,
Popular ,
Telemedicine
On July 10, 2023, the EU Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, concluding that the United States ensures an adequate level of protection for personal data transferred from the...more
In Short -
The Situation: There has been uncertainty over the circumstances in which data subjects can claim compensation for "mere" infringement of their rights without specific evidence of harm. On May 4, 2023, the Court...more
On 31 January 2022, the English High Court delivered its judgment in Stadler v Currys Group Limited (EWHC 160 (QB)); the latest in a series of rulings which appear set to constrain the relatively nascent UK data breach claims...more
2/25/2022
/ Corporate Counsel ,
Cybersecurity ,
Damages ,
Data Breach ,
Data Protection ,
Emotional Distress Damages ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
UK ,
UK Data Protection Act ,
UK Supreme Court
On June 10, 2021, the Standing Committee of the 13th National People's Congress passed the long awaited People's Republic of China (China) Data Security Law ("DSL") after a final read of the third draft. The DSL, which takes...more
6/21/2021
/ China ,
Corporate Counsel ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Processing Rules ,
Data Processors ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
International Data Transfers ,
National Security ,
New Legislation ,
Regulatory Reform
The Background: Transfers of personal data to countries outside the European Economic Area ("EEA") must meet certain requirements under the General Data Protection Regulation ("GDPR"). If the third country does not provide an...more
China recently released new drafts of its Data Security Law and its Personal Information Protection Law for public comment; when finalized the two laws will impose significant obligations on how companies collect, process,...more
The Development: On 21 April 2021, the European Commission ("Commission") unveiled a proposal for a "Regulation laying down harmonized rules on Artificial Intelligence" ("AI Regulation"), which sets out how AI systems and...more
United States -
Regulatory—Policy, Best Practices, and Standard -
NIST Unveils Draft Guidance to Protect Critical Infrastructure -
On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
1/8/2021
/ CNIL ,
Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Popular ,
Risk Management
The Situation: The European Union and United Kingdom have both warned companies to prepare for a no-deal Brexit.
The Result: There is a real possibility that the Brexit Implementation Period will end on 31 December 2020...more
The Situation: After the invalidation of the EU-U.S. Privacy Shield by the Court of Justice of the European Union ("CJEU"), the conditions under which international data may flow from the European Union continue to remain...more
11/23/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Situation: The Court of Justice of the European Union ("CJEU") has ruled that international data flows under the European Union's comprehensive data protection regime, the GDPR, can continue to be based on EU Standard...more
The Situation: On July 4, 2019, the French data protection authority ("CNIL") published revised guidelines on the implementation of cookies or similar tracking technologies in order to take into account the new requirements...more
1/29/2020
/ CNIL ,
Consent ,
Cookies ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Public Consultations
The Situation: The United Kingdom is due to leave the European Union ("EU") on 31 October 2019. Negotiations between member states of the EU excluding the United Kingdom ("EU27") and the United Kingdom are ongoing, but it is...more
10/1/2019
/ Corporate Counsel ,
Data Protection ,
EU-US Privacy Shield ,
European Commission ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Member State ,
No-Deal Brexit ,
Personal Data ,
Standard Contractual Clauses ,
UK Brexit
The Situation: Fashion ID, a German online clothing retailer, embedded on its website the Facebook "Like" button. When a user consults the website of Fashion ID, that user's personal data are transmitted to Facebook Ireland....more
8/5/2019
/ Cookies ,
Corporate Counsel ,
Data Collection ,
Data Processors ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Joint Liability ,
Personal Data ,
Social Media ,
Website Owner Liability ,
Websites
The Situation: The UK Parliament has not approved the draft Brexit Withdrawal Agreement and Political Declaration on the future relationship of the European Union and United Kingdom. The next steps in the Brexit process are...more
The Situation: An investigation launched in 2016 by the German competition authority was meant to determine if Facebook was abusing its market position with its imposition of "misleading" data protection policies.
The...more
3/6/2019
/ Abuse of Dominance ,
Antitrust Investigations ,
Antitrust Violations ,
Competition Authorities ,
Data Collection ,
Data Protection ,
Facebook ,
Federal Cartel Office (the FCO) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Instagram ,
Monopolization ,
Prior Express Consent ,
WhatsApp ,
Without Consent
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
NIST Releases Internal Report Regarding IoT Cybersecurity -
In September, the National Institute of Standards and Technology ("NIST") released a draft...more
12/26/2018
/ Civil Monetary Penalty ,
CNIL ,
Consumer Reporting Agencies ,
COPPA ,
Critical Infrastructure Sectors ,
Cross-Border ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
Disclosure Requirements ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hobbs Act ,
Internal Audit Functions ,
International Data Transfers ,
Internet of Things ,
NIST ,
Popular ,
Power Grid ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act
The Situation: The General Data Protection Regulation has a broad territorial scope and can apply to businesses based outside the European Union.
The Result: The European Data Protection Board has provided important...more
With this new legislative act, the European legislature aims to remove existing data localization requirements and enable storage of data in multiple locations across the EU.
On November 14, 2018, the European Parliament...more
12/7/2018
/ Big Data ,
Data Localization Law ,
Emerging Growth Companies ,
EU ,
EU Data Protection Laws ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
New Regulations ,
Self-Regulatory Organizations
The Situation: The European Union's General Data Protection Regulation ("GDPR") has raised questions regarding the scope of coverage and protection afforded by current cyber policies, especially with respect to potential GDPR...more
On the heels of the European Union's General Data Protection law, which went into effect in May 2018, California has enacted the California Consumer Privacy Act ("CCPA")—the result of an 11th-hour compromise between...more
10/24/2018
/ Argentina ,
Asia ,
Australia ,
Belgium ,
Brazil ,
California Consumer Privacy Act (CCPA) ,
Canada ,
Chile ,
China ,
Colombia ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
EU ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Hong Kong ,
IRS ,
Italy ,
Japan ,
Mexico ,
Netherlands ,
NIST ,
Paraguay ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Singapore ,
Spain ,
TCPA ,
UK
The Situation: The Legislative Decree 101/2018 ("Harmonization Decree") harmonizes the Italian data protection laws with the General Data Protection Regulation (EU) 679/2016 ("GDPR") provisions. It was enacted and became...more
The Situation: On September 5, 2018, Belgium published two laws that implement the Belgian requirements under Regulation 21016/679, the General Data Protection Regulation ("GDPR").
The Details: The two laws include the Law...more
The Background: The automotive industry has achieved a number of technological advances aimed at developing connected cars, automated vehicles, and ultimately autonomous driving. These innovations are expected to pose a...more
9/7/2018
/ Antitrust Provisions ,
Automotive Industry ,
Competition ,
Competition Authorities ,
Connected Cars ,
Cybersecurity ,
Driverless Cars ,
EU ,
FRAND ,
General Data Protection Regulation (GDPR) ,
Intellectual Property Protection ,
Monopolization ,
Popular