The California Consumer Privacy Act: What Happened and What’s to Come

Last year ended with businesses scrambling to be ready for the California Consumer Privacy Act’s January 1 deadline. The CCPA’s entry into force did not, however, resolve implementation complexities or answer myriad questions about how the Act will be interpreted. Moreover, the California Attorney General will finalize regulations during 2020 that are likely to expand compliance obligations and narrow flexibility. How are companies handling these uncertainties? What should companies be doing to prepare for CCPA enforcement beginning on July 1, 2020? How can “reasonable security” be documented?


Treasury Releases New CFIUS Regulations

On January 13, 2020, the U.S. Department of the Treasury (Treasury) issued final and interim regulations implementing the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which expands the jurisdiction of the Committee on Foreign Investment in the United States (CFIUS) to review foreign investments and mitigate any potential national security concerns. While the final regulations largely track the proposed regulations issued on September 17, 2019, Treasury has made refinements and added several clarifying examples. See Sidley’s previous Update on the proposed regulations.

Following the structure of the proposed regulations, the final regulations were issued in two parts: one part covers investments in real estate, available here, while the other covers certain other investments in U.S. businesses, available here. Treasury simultaneously released a number of frequently asked questions on the proposed regulations, available here, and a fact sheet, available here.

The final CFIUS regulations will go into effect on February 13, 2020.


New Guidance Published Addressing Scientific Research and the GDPR

A recent opinion from the European Data Protection Supervisor (EDPS) on data protection and scientific research builds on an opinion from January 2019 from the European Data Protection Board on the GDPR and clinical trials. The Opinion from the EDPS should be taken into account by life sciences companies in their ongoing assessment of how to apply the GDPR to scientific research both in clinical trials and more broadly.

The EDPS – an independent supervisory authority whose primary objective is to ensure that European institutions and bodies respect the right to privacy and data protection – recently published a preliminary opinion on data protection and scientific research (the Opinion). The EDPS acknowledges the critical importance of scientific research but states that “data protection obligations should not be misappropriated as a means […] to escape transparency and accountability.” In particular, according to the EDPS, compliance with data protection laws is “wholly compatible” with responsible scientific research. However, the EDPS recommends intensifying dialogue between data protection authorities (DPAs) and ethical review boards for a common understanding of which activities amount to genuine research and expects further guidance to be published by the European Data Protection Board – an independent European body, composed of representatives of the national DPAs and the EDPS.


SEC Warns Investors Regarding Digital Asset Initial Exchange Offerings

On January 14, 2020, the U.S. Securities and Exchange Commission (SEC) Office of Investor Education and Advocacy published an investor alert (Alert) regarding initial exchange offerings (IEOs), a type of digital asset fundraising facilitated by online trading platforms. Although the Alert is directed at investors, it provides important information to blockchain companies and trading platforms. The Alert highlights the following:

  • an explanation of an IEO
  • IEOs that are securities offerings must comply with federal securities laws
  • a platform offering an IEO may need to register as a broker-dealer or national securities exchange, or operate pursuant to an exemption, such as an alternative trading system (ATS)
  • IEOs offered to U.S. investors, even if offered from outside the United States, must comply with federal securities laws


New Guidance Published on Cybersecurity and Medical Devices

New European medical device guidance will require manufacturers to carefully review cybersecurity and IT security requirements in relation to their devices and in their product literature. This new guidance comes at the same time as a draft guidance on privacy by design has been published by the European Data Protection Board requiring product developers to implement privacy into the design of their products.

In December 2019, the Medical Device Coordination Group (MDCG) published its guidance on cybersecurity for medical devices (the Guidance). The MDCG is composed of representatives of all Member States and is chaired by a representative of the European Commission. The Guidance is intended to assist medical device manufacturers in meeting the new cybersecurity requirements in the Medical Devices Regulation (MDR) and the In Vitro Diagnostic Regulation (IVDR) (collectively, the Regulations). In particular, the Guidance aims to assist with regard to both the pre-market and post-market requirements of the Regulations to ensure companies achieve “an adequate balance between benefit and risk during all possible operation modes of a medical device.”


California Department of Business Oversight December 2019 Actions

The California Department of Business Oversight (CDBO) recently concluded that the point-of-sale consumer financing programs offered by Sezzle, Inc., and another, unnamed party constituted making loans for purposes of the California Financing Law (CFL). A number of payment providers and technology companies have been developing innovative payment options, including consumer financing options, that are facilitated by advances in technology and mobile connectivity. Some market participants have structured their products such that a license should generally not be required under state law. The CDBO’s actions, however, may require companies to revisit that analysis and consider their licensing obligations.
