European Commission Releases Assessment of the EU Member States’ Rules on Health Data in Light of GDPR

On February 12, 2021, the European Commission (Commission) published an “Assessment of the EU Member States’ rules on health data in the light of GDPR” (the Assessment). The Assessment concludes, amongst other things, that there are variations in the implementation of the EU General Data Protection Regulation (GDPR) at a national level with regards to the processing of health data. In turn, this has led to a fragmented approach to the processing of health data for health and research purposes across the EU. To avoid further fragmentation, the Assessment proposes various future EU-level actions, including stakeholder-driven Codes of Conduct as well as new targeted and sector-specific legislation.

Read More

EmailShare

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

For over two and a half years, California has enjoyed the spotlight of having the most comprehensive data privacy law in the United States. On March 2, 2021, Virginia forced California to share the honors, when Democratic Gov. Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA).

The VCDPA, which will not enter into effect until January 1, 2023, borrows heavily from the California Consumer Privacy Act (CCPA) and the European Union (EU) General Data Protection Regulation (GDPR). Perhaps because Virginia was able to benefit from the experience of businesses that have spent the better part of the last five years implementing the GDPR or the CCPA, the Virginia law is less prescriptive and more straightforward than its predecessors, with (one would hope) a correspondingly lighter implementation burden on companies. Nonetheless, there is just enough different in the VCDPA that businesses with a connection to Virginia will need to evaluate whether the law applies to them and how they will comply.

While an exegesis of the VCDPA is beyond the scope of today’s Data Matters post, this alert is designed to assist such efforts in three ways. First, we lay out the VCDPA’s scope, providing preliminary insight into which businesses the law will cover. Second, we highlight the key ways the VCDPA differs from — and, more important, extends beyond — the CCPA and GDPR so that businesses will have an initial sense of what, if any, unique obligations the VCDPA will place on them. Finally, for completeness’s sake, the post briefly summarizes the law’s key elements.

Read More

EmailShare

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

On January 28, 2021, the UK Financial Conduct Authority (FCA) published Consultation Paper CP21/3, “Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual” (Consultation Paper). This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic (Temporary COVID Guidance).

The FCA is proposing amendments to:

  1. the UK onshored versions of EU technical standards on strong customer authentication (SCA) and common and secure methods of communication (UK SCA-RTS);
  2. its Approach Document on Payment Services and Electronic Money (Approach Document); and
  3. its Perimeter Guidance Manual (PERG).

Read More

EmailShare

Sidley Ranked in Chambers Global 2021

We are proud to announce that Sidley received 83 practice area rankings and 119 lawyer rankings in the 2021 edition of Chambers Global. Of these, 16 practice area rankings and 14 lawyer rankings were in Band 1.

Sidley’s Privacy and Cybersecurity practice received two honors. Partner Alan Raul is ranked Band 1 for Privacy & Data Security (USA). The practice is also newly ranked in the Data Protection category.

The annual Chambers Global guide provides analyses of legal practitioners around the world based on in-depth interviews with clients and in-house counsel.

EmailShare

With Veto Override, Maryland Becomes First U.S. State to Enact Digital Advertising Tax

Amidst significant economic and legal concerns, on February 12, 2021, the Maryland Senate joined the House in voting to override Republican Gov. Larry Hogan’s veto of House Bill 732 (HB 732) to adopt a Digital Advertising Gross Revenues Tax (Tax), the nation’s first tax targeting digital advertising. The override was successful despite significant pushback from a coalition of more than 200 businesses and Republican legislators who sought to sustain the veto. HB 732 is intended to provide significant revenues to support education reforms in the state.

The Tax is likely to affect large technology-based and online companies that derive revenue from advertisements on their websites and platforms (rather than companies deriving their revenues entirely from subscription services). Thus such companies, as well as their owners and sponsors, should carefully consider the information below and the impact of the Tax on their business models.

Read More

EmailShare

European Commission Publishes Draft UK Adequacy Decisions

On February 19, 2021, the European Commission (EC) published two draft implementing decisions to enable the continuing free-flow of personal data from the EU to the UK (the Draft Adequacy Decisions) i.e., post-Brexit: (i) for transfers of personal data under the EU General Data Protection Regulation (EU GDPR); and (ii) for transfers of personal data under the Law Enforcement Directive (LED). This will come as a huge relief to companies across all industries who are in parallel already grappling with the repercussions of Schrems II. In fact, the Draft Adequacy Decisions (which collectively run to almost 140 pages) are the first of their kind in a post-Schrems II world and will likely be closely reviewed—including by privacy advocate Max Schrems who has promised his Twitter followers to “take a look at” the Draft Adequacy Decisions in particular with regard to the LED (i.e., which addresses UK government surveillance activities).

Read More

EmailShare

European Medicines Agency Issues Updated Good Clinical Practice Q&A

On February 17, 2021 the European Medicines Agency (EMA) published an updated version of its good clinical practice questions and answers (GCP Q&A).  The updated section relates to access to patient medical records by GCP inspectors from European Economic Area (EEA) Member States.  It stresses the importance of sponsors conducting studies in countries outside the EEA obtaining the prior explicit consent of a clinical trial participant for the review of their medical records by EEA GCP inspectors.

Read More

EmailShare
EmailShare
XSLT Plugin by BMI Calculator