Category

International

19 February 2021

European Commission Publishes Draft UK Adequacy Decisions

On February 19, 2021, the European Commission (EC) published two draft implementing decisions to enable the continuing free-flow of personal data from the EU to the UK (the Draft Adequacy Decisions) i.e., post-Brexit: (i) for transfers of personal data under the EU General Data Protection Regulation (EU GDPR); and (ii) for transfers of personal data under the Law Enforcement Directive (LED). This will come as a huge relief to companies across all industries who are in parallel already grappling with the repercussions of Schrems II. In fact, the Draft Adequacy Decisions (which collectively run to almost 140 pages) are the first of their kind in a post-Schrems II world and will likely be closely reviewed—including by privacy advocate Max Schrems who has promised his Twitter followers to “take a look at” the Draft Adequacy Decisions in particular with regard to the LED (i.e., which addresses UK government surveillance activities).

(more…)

EmailShare
18 February 2021

European Medicines Agency Issues Updated Good Clinical Practice Q&A

On February 17, 2021 the European Medicines Agency (EMA) published an updated version of its good clinical practice questions and answers (GCP Q&A).  The updated section relates to access to patient medical records by GCP inspectors from European Economic Area (EEA) Member States.  It stresses the importance of sponsors conducting studies in countries outside the EEA obtaining the prior explicit consent of a clinical trial participant for the review of their medical records by EEA GCP inspectors.

(more…)

EmailShare
11 February 2021

UK Supreme Court: Serious Fraud Office Cannot Compel Foreign Companies to Produce Documents Held Abroad

Case: R (on the application of KBR, Inc) (Appellant) v Director of the Serious Fraud Office (Respondent) [2021] UKSC 2

On February 5, 2021, the UK Supreme Court ruled that the Serious Fraud Office (SFO) cannot compel foreign companies with no presence in the jurisdiction to produce documents held abroad using its powers under Section 2(3) of the Criminal Justice Act 1987 (CJA 1987).

After losing its ability to use European Investigation Orders to obtain evidence located in other EU member states due to Brexit, the judgment is a further setback for the SFO in terms of the extraterritorial reach of its investigative powers and may in certain circumstances affect its ability to investigate fully cross-border serious fraud cases. When seeking documents or electronic data held abroad from foreign companies that are not registered in the UK or do not carry on business there, the SFO will now have to rely on mutual legal assistance or an overseas production order (where such mechanisms are available).

However, the Supreme Court’s ruling will provide foreign companies with greater certainty regarding documents that may have to be produced to the SFO, particularly where production could be resisted in their own jurisdiction on grounds of privilege.

(more…)

EmailShare
27 January 2021

FCC Standardizes and Formalizes “Team Telecom” Review

Foreign investment in many entities regulated by the U.S. Federal Communications Commission (FCC) has long been subject to an interagency review process for the consideration of national security, foreign policy, and trade policy issues, referred to as “Team Telecom.” Pursuant to an April 2020 executive order and an October 2020 report and order of the FCC, this process has been formalized and streamlined under the new Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (Committee).

(more…)

EmailShare
21 January 2021

A Digital Europe – Digital Health and other Recent EU Data Initiatives

Taking a step into the digital age, the European Commission announced that the 2020s shall become the EU’s Digital Decade.  The EU’s digitalization, including in the area of health, is one of the Commission’s key priorities and covers a wide range of actions and related initiatives.

Building on prior initiatives, in 2019 the Commission announced six key priorities (since supplemented by the COVID-19 recovery plan) that would shape the coming five years of policy making.  One of these six key priorities is to create a Europe fit for the digital age and work on a digital strategy that will empower people with a new generation of technologies.

(more…)

EmailShare
19 January 2021

UK FCA Expectations on Call Recording in a Remote Working Environment — Market Watch 66

On 11 January 2021, the UK Financial Conduct Authority (FCA) published the 66th edition of its Market Watch newsletter. The newsletter sets out the FCA’s expectations for firms on recording telephone conversations and electronic communications when alternative working arrangements are in place, including increased homeworking in light of the COVID-19 pandemic.

The newsletter follows on from an update on 8 January 2021 to the market trading and reporting statement on the FCA’s Coronavirus (Covid-19): Information for firms webpage. In that update, the FCA notes that, given the extensive duration of alternative working arrangements during the pandemic, the FCA now expects firms to record all relevant communications (including voice calls) when working outside the office.

(more…)

EmailShare
21 December 2020

European Union Implements Changes to Export Control Rules

The EU Dual-Use Regulation regulates exports outside the EU, transfers inside the EU, transit through the EU and the brokering of certain sensitive goods, services, software and technology (referred to as “items”) that are considered “dual-use.” Dual-use items have both military and civil applications. The EU has updated its export control rules for dual-use items to (1) take account of Brexit, (2) ensure consistency with recent developments in international non-proliferation regimes and export control arrangements, and (3) address cyber-surveillance and other security threats stemming from new technologies, reinforce cooperation among competent EU authorities, and impose enhanced compliance obligations (including a requirement to adopt internal compliance programs) on businesses. These updates, which are addressed in turn, will have significant implications for businesses dealing in dual-use items.

(more…)

EmailShare
18 December 2020

Schrems II Concerns Regarding U.S. National Security Surveillance Do Not Apply to Most Companies Transferring Personal Data to the U.S. Under Standard Contractual Clauses

The thesis articulated in the article linked here is that (1) nearly all companies relying on standard contractual clauses for data transfers to the US under the EU General Data Protection Regulation are not electronic communications service providers for purposes of FISA 702 (i.e., only companies in the business of providing communications services would be covered) and (2) data transfers from Europe to the US under SCCs may not be targeted under FISA 702 and EO 12333 because they are (i) quintessential “US person communications” because either the data exporter is a U.S. person or the data importer is a U.S. person, or more likely, both are US persons and (ii) received by a person located in the U.S. Accordingly, the concerns expressed by the EU Court of Justice in Schrems II should not be problematic for nearly all U.S. companies relying on SCCs.

READ MORE

EmailShare
16 November 2020

Important Changes to the Singapore Data Privacy Regime

On November 2, 2020, Singapore’s legislature finally approved amendments to the Personal Data Protection Act (PDPA). The changes become law once a government gazette is passed (possibly before the end of 2020). If you operate in Singapore, handle Singapore data, or maintain a server in Singapore, it is crucial that you have protocols in place to guide employees on what to do when a data breach occurs and consider doing a data breach tabletop exercise. (We have organized a number of these drills for clients in preparation for breach notification requirements in Australia and now Singapore.) (more…)

EmailShare
XSLT Plugin by BMI Calculator