GDPR

Subscribe to GDPR

This digest covers key virtual and digital health regulatory and public policy developments during February 2024.

Of note, the UK continues to pursue a “pro innovation” flexible approach to the regulation of AI. As outlined in the UK government’s response to the public consultation, the government will develop a set of core principles for regulating AI, while leaving regulatory authorities, like the Medicines and Healthcare products Regulatory Agency (MHRA), discretion over how the principles apply in their respective sectors. A central governmental function will coordinate regulation across sectors and encourage collaboration. The government’s aim with this approach is to enable the UK to remain flexible to address the changing AI landscape, while being robust enough to address key concerns. This is in sharp contrast to the position in the EU, where the EU AI Act is reaching the conclusion of the legislative process.Continue Reading Virtual and Digital Health Digest, March 2024

A version of this article was first published in Life Sciences IP Review

There is currently no specific legislation in the UK that governs AI, or its use in healthcare. Instead, a number of general-purpose laws apply that have to be adapted to specific AI technologies. As a step towards a more coherent approach, the government recently published its response to its consultation on regulating AI in the UK.  This maintains the government’s “pro-innovation” framework of principles, to be set out in guidance rather than legislation, which will then be implemented by regulatory authorities in their respective sectors, such as by the MHRA for medicines.  The MHRA has already started this process and signalled itself as an early-adopter of the UK government’s approach. The hope is that this will lead to investment in the UK by life science companies as the UK is seen as a first-launch country for innovative technologies.Continue Reading The UK’s pro-innovation approach to AI: What does this mean for life science companies?

On 1 February 2024, the Danish Data Protection Agency announced that it reported the private hospital HP Gildhøj Privathospital ApS’s (Capio A/S) to the Danish police and recommended imposing a fine of not less than DKK 1,500,000 (over 200.000 euros). In their investigation, the Danish Data Protection Agency found that the hospital had failed to effectively supervise the data processors they used for the processing of large amounts of patients’ sensitive  personal data.Continue Reading Proposed fine against Danish hospital for failure to supervise data processors

Thank you to all who joined us for our December 13 panel titled the “Race to Regulate.” In case you missed it, unpack this year’s pivotal legal challenges impacting the 2023 — and 2024 — digital legal landscape in our Year in Review Pocket Book. Continue Reading Virtual and Digital Health Digest, December 2023

Spurred, in part, by the COVID-19 pandemic and the need for new ways to reach patients at home, 2023 saw a boom in digital technologies and healthcare solutions: one-stop-shop telemedicine platforms, app-based remote patient monitoring, direct-to-consumer online pharmacies, software-based medical devices, and artificial intelligence/machine learning to bolster delivery of telehealth services. Then came a robust government response. In the EU and UK, regulatory bodies grappled with the introduction of machine learning, AI, and other software into healthcare services by, for example, new guidance from the EU Medical Device Coordination Group and UK Medicines and Healthcare products Regulatory Agency on software medical devices, the EU’s AI Act and the UK government’s AI White paper, the European Medicines Agency reflection paper on use of AI in the product lifecycle, the EU Data Privacy Framework and the equivalent UK-U.S. data bridge, and the European Health Data Space

We call this the “Race to Regulate.” This push-pull dynamic between digital health innovation and government regulation is key to evaluating regulatory risks in today’s shifting legal landscape. This digest seeks to keep up with these changes and provide you with an overview of the key guidelines and developments as the landscape develops. As we come to the end of 2023 and publish our latest Digest, join us on December 13 as we unpack pivotal moments in the 2023 Race to Regulate and discuss what’s next for virtual and digital health. Continue Reading Virtual and Digital Health Digest and webinar

On 7 September 2020, the European Data Protection Board (EDPB) initiated a public consultation on draft Guidelines 07/2020 on the concepts of controller and processor in the GDPR. Any interested party could provide comments by 19 October 2020 using the dedicated form.

The draft Guidelines contain elements that are of interest for companies active in the life science sector as they may have an impact on comapnies’ day-to-day research and commercial activities in the EU and their compliance with Regulation (EU) 2016/679 (GDPR).
Continue Reading Draft EU guidelines on the concepts of controller and processor—key elements for life sciences companies

Today, the Court of Justice of the European Union delivered a landmark judgement with significant practical impact for companies transferring personal data outside the European Economic Area to the United States. The Court of Justice confirmed the validity of the Standard Contractual Clauses for transfer of personal data between a controller in the EU and a processor in a third country (e.g., the US) adopted by the European Commission in Decision 2010/87/EU. The Court has, however, invalidated European Commission Decision (EU) 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield.
Continue Reading The CJEU confirms the validity of the Standard Contractual Clauses but invalidates the EU-US Privacy Shield