European Commission Provides Important Guidance on Qualification and Classification of Software Under New Medical Devices Regulations
The European Commission’s Medical Devices Coordination Group (MDCG) has published a much-anticipated guidance on the qualification and classification of software devices as medical devices (MDSW)1 under the new Medical Devices Regulation (MDR) and In Vitro Diagnostic Regulations (IVDR) (the Guidance, available here). The Guidance seeks to provide clarification to medical software manufacturers with respect to (i) when software is considered a device (qualification) and (ii) what risk category the device falls into (classification).
Under the currently applicable rules, supported by guidance set out in MEDDEV 2.1/6,2 most software devices are classified as low risk. However, the new classification rules set out in the MDR, in particular Rule 11, significantly change the classification of MDSW, with many software devices to be generally considered medium- or even high-risk devices.
Here we examine which areas have been clarified by the Guidance and which topics remain open to interpretation.
Blockchain 2019: Smart Contracts
Please join us for the fourth in a series of programs focused on 2019 blockchain developments. This webinar will discuss legal, regulatory and other considerations for smart contracts. Lawyers from Sidley’s blockchain, investment funds and global finance practices will discuss:
- The blockchain technology behind smart contracts
- The legal validity of smart contracts under state law
- Court decisions and industry initiatives addressing obligations embedded in smart contracts
- Practical considerations for smart contract implementation in transactions
Sidley Honored at 2019 Who’s Who Legal Awards
Sidley was honored as the Data – Security “Firm of the Year” at the 2019 Who’s Who Legal Awards. Click here for more information on our Privacy and Cybersecurity practice.
Stay Up-To-Date on the CCPA Through Sidley’s CCPA Monitor
Sidley has consolidated its materials and resources on the CCPA, including an amendment tracker, on the new Sidley CCPA Monitor.
Explore the law and Sidley insights, available now.
DataGuidance by OneTrust Speak to William Long About Data Protection Issues in the Financial Sector
William Long, partner and global co-leader of Sidley’s Privacy and Cybersecurity practice, has been working on global data privacy and information security matters for a number of years. In particular, William advises international clients on a wide variety of General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), data protection, cybersecurity and financial services issues.
DataGuidance by OneTrust spoke with William about data protection issues in the financial services sector, and in particular about approaching compliance with the GDPR, sector-specific challenges, issues around Big Data, and cybersecurity.
Terms and Conditions: Recent Supreme Court Decisions Highlight There is More to Consider than Just the Privacy Policy
Your website is essential to your online business. By developing and presenting an online presence, however, you take on legal obligations to your users. It is, therefore, a timely exercise to stop and take stock of your terms and conditions in light of recent developments in the law, consumer expectations, and your legal risk profile. The privacy policy has been getting a lot of attention lately as many websites, services and apps are rushing to get their new privacy policies in place in light of the California Online Privacy Protection Act (“CalOPPA”). But updating the privacy policy is only one step in protecting your business in this digital economy. Terms and conditions are an important tool for limiting a company’s exposure to the various legal risks inherent in conducting business online. Boilerplate provisions can leave you exposed and frustrate your customers. Companies should critically consider the nature and needs of the business and transactions that may occur on their websites to determine what types of provisions will be beneficial and best practices for creating a binding contract.
Terms and conditions generally specify the rules governing the use of a website or mobile application. Since every website is different, custom-drafted terms and conditions are necessary to protect a particular business. Well-crafted terms and conditions might address issues such as payment, taxes, refunds, gift certificates, accounts, disclaimers, user behavior on your site, warranties and limitations on liability.
Fifth Annual Sidley Privacy and Cybersecurity Roundtable
We held our 5th Annual Privacy and Cybersecurity Roundtable on May 1, in Washington, D.C. The event featured the Chair of the European Data Protection Board Andrea Jelinek and FTC Commissioner Noah Phillips. Other government speakers represented the White House, UK’s Information Commissioner’s Office, and staff members from the U.S. Senate and House of Representatives. Other distinguished panelists included Cam Kerry of Brookings and Jane Horvath from Apple. The speakers addressed privacy and cybersecurity enforcement in the U.S. and EU, Brexit, Online Harms and the prospects for federal privacy legislation. The insightful program was followed by a competition between the sausage-making (and brewing) achievements of leading privacy jurisdictions such as Brussels, California, Washington, D.C. and China (representing a privacy continuum!). Sidley also commemorated “20 Years of CyberLaw at Sidley” – two decades since the founding of today’s Privacy and Cybersecurity practice. We look forward to continuing to thrive and serve our clients. We hope to see you at next year’s Privacy and Cybersecurity Roundtable.
Chambers Global Practice Guide for Data Protection & Cybersecurity 2019 Available
The updated 2019 Chambers Global Practice Guide for Data Protection & Cybersecurity is available, covering important developments across the globe and bringing expert legal commentary for businesses particularly involved in the life sciences sector.
European Commission Provides a Summary of the GDPR so far for Data Protection Day 2019
On January 25, 2019, the European Commission published a statement to mark Data Protection Day (January 28, 2019) which, this year, comes eight months after the entry into force of the General Data Protection Regulation (“GDPR”) on May 25, 2018.
The statement indicates that the European Commission considers the GDPR to have had a positive effect, in particular because European citizens are now more conscious of the importance of data protection and of their rights. The European Commission also notes that the Data Protection Authorities (“DPAs”) are enforcing the new rules and better coordinating their actions in the European Data Protection Board. (more…)
Privacy Legislation Could Provide Common Ground for the Newly Divided Congress
*This article first appeared in the Hill.com on November 19, 2018
With the House having now flipped, policy consensus in Congress is not likely to get any easier. But there is one subject around which countries, companies, consumers and, yes, even Congress is increasingly converging. That issue is privacy. The new privacy zeitgeist follows years of data breaches as well as new concerns about invisible data collection, political micro-targeting and manipulation, the proliferation of internet-connected devices, and a potential lack of transparency in the decisions that machines increasingly make about us.
