The stakes are high for FemTech – as Benjamin Franklin noted: ‘it takes many good deeds to build a good reputation and only one bad one to lose it.’...
7/19/2024 / Consumer Privacy Rights, Data Protection, Data Protection Impact Assessments (DPIAs), EU, Mobile Health Apps, Patient Privacy Rights, Personal Data, Regulatory Requirements, Risk Management, Sensitive Personal Information, Technology Sector, UK
Security, scale or functionality – pick two. This computer science principle coined by the late Professor Anderson is particularly relevant to the FemTech industry. Anderson’s Rule states that for a system to provide high...
5/17/2024 / Business Strategies, Digital Health, EU, General Data Protection Regulation (GDPR), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Health Technology, Innovation, Life Sciences, Med Tech, Popular, UK
In part one of our series "FemTech: how this growing industry can build trust, protect privacy and redress healthcare inequity… one app at a time", we take an introductory look at the industry, and offer some...
3/11/2024 / Data Privacy, Data Security, Data-Sharing, Health Care Providers, Information Commissioner's Office (ICO), Mobile Health Apps, Personal Data, Personalized Medicine, PHI, Privacy Laws, Reproductive Healthcare Issues, UK
Clearview AI Inc's successful challenge to the ICO’s £7.5 million fine focused on the limits of the UK GDPR’s jurisdictional reach, succeeding on the grounds that Clearview’s processing activities were outside the scope of...
1/19/2024 / Appeals, Artificial Intelligence, Corporate Fines, Data Collection, Data Processors, EU, Facial Recognition Technology, General Data Protection Regulation (GDPR), Jurisdiction, Law Enforcement, Personal Data, UK GDPR
Political agreement was reached on 9 December in the negotiations on the EU AI Act, arguably the world’s most comprehensive and ambitious AI law to date.
Some further steps must take place, including confirmation by the...
Over the past few years there has been significant growth in the use of technology for monitoring workers, especially following the onset of the COVID-19 pandemic. Global demand (based on the number of internet searches...
On 14 November 2023, the European Data Protection Board (EDPB) adopted guidelines on the technical scope of Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC, as amended) (ePD). This reflects the EDPB's intent to...
The pace of new EU law continues unabated, with IoT, cyber security and digital services being key areas of activity. The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security....
A few weeks ago, on 24 September 2023, the Data Governance Act (Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance) (“DGA”) came into force.
The DGA aims to...
11/14/2023 / Administrative Authority, Best Practices, Data Collection, Data Management, Data Protection, EU, European Commission, General Data Protection Regulation (GDPR), Information Governance, Information Management, International Data Transfers, Member State, Public Sector, Third-Party Service Provider
On 12 October the UK–U.S. “data bridge” becomes operational, providing an additional, compliant route for UK-outbound transfers of personal data to U.S. organisations that are EU-U.S. Data Privacy Framework members. UK...
10/12/2023 / Adequacy Requirement, Biden Administration, Data Protection, Data Subjects Rights, Executive Orders, Federal Trade Commission (FTC), International Data Transfers, Personal Data, Popular, Privacy Framework, Regulatory Oversight, UK
On 18 August 2023, the UK’s Information Commissioner’s Office (“ICO”) published draft guidance on biometric recognition (the “Draft Guidance”) for public consultation. The Draft Guidance explains how data protection law...
9/11/2023 / Artificial Intelligence, Biometric Information, Consultation, Data Protection, Data Protection Impact Assessments (DPIAs), Draft Guidance, Personal Data, Privacy-By-Design, UK, UK GDPR, UK ICO
The FCA is continuing to crack down on firms and ‘finfluencers’ using social media for non-compliant and illegal financial promotions and this week has announced plans to update its existing guidance on social media and...
Updated June 2023 -
The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. This tracker summarizes the effect and status of the following: the Digital Services Act, the...
6/19/2023 / Cybersecurity, Data Privacy, Data Protection, Data Security, Data Transfers, Digital Marketplace, Digital Service Providers, Digital Services, EU, EU Data Protection Laws, Information Governance, International Data Transfers, New Legislation, Pending Legislation, Personal Data, Popular
How should artificial intelligence (“AI”) be governed? This conundrum is rightly receiving considerable attention from governments, businesses and civil society. ...
Artificial intelligence (“AI”), once limited to the pages of science fiction novels, is now viewed as a key strategic priority for both the UK and EU.
The UK, in particular, plays a prominent role at the cutting edge of...
On 8 March 2023, the newly-created Department for Science, Innovation and Technology (“DSIT”) introduced the UK government’s updated proposals for data protection reform in the shape of the Data Protection and Digital...
4/12/2023 / Compliance, Consent, Cookies, Data Controller, Data Processors, Data Protection, Data Protection Officers (DPOs), General Data Protection Regulation (GDPR), Proposed Legislation, Regulatory Requirements, Small and Medium-Sized Enterprises (SMEs), UK
The updated guidelines (05/2021) from the European Data Protection Board (“EDPB”) issued on 14 February 2023 (the “New Guidelines”) look at the interplay of two fundamental, protective mechanisms contained in the EU GDPR....
3/17/2023 / Data Controller, Data Processors, Data Protection, Draft Guidance, EU, EU Data Protection Laws, European Data Protection Board (EDPB), General Data Protection Regulation (GDPR), Guidance Update, International Data Transfers, Personal Data
The recent CJEU decision in X-FAB (Case C-453/21) provides guidance on how to determine whether a conflict of interest could arise for your Data Protection Officer (“DPO”) and how to avoid this. It also confirms the approach...
On 18 January 2023, the European Data Protection Board (the “EDPB”) announced the adoption of a report on the work undertaken by the Cookie Banner Task Force (the “Task Force”). The Task Force was formed in September 2021 for...
2/9/2023 / Consent, Cookie Banners, Cookies, e-Privacy Directive, EU, EU Data Protection Laws, European Data Protection Board (EDPB), General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), NGOs, Schrems I & Schrems II, UK
Though perhaps falling short of being a universally accepted one, it is a truth that any organisation processing personal data needs a privacy programme. But how best should an internal compliance framework be structured...
The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...
12/30/2022 / Compliance, Consultation, Cyber Attacks, Cyber Incident Reporting, Cybersecurity, Data Protection, Data Security, EU, EU Directive, Information Technology, Outsourcing, Popular, Proposed Amendments, Proposed Regulation, Third-Party Service Provider, UK
Two and a half years after the Schrems II decision invalidated the EU-US Privacy Shield, the EU and US are inching closer to a replacement data transfer mechanism for EU to US personal data transfers. On 13 December 2022, the...
Over the past few years there has been significant growth in the use of technology for monitoring workers, especially following the onset of the COVID-19 pandemic. Global demand (based on the number of internet searches...
11/4/2022 / CCTV, CNIL, Consultation, Data Protection Impact Assessments (DPIAs), Electronic Communications, Employee Monitoring, Employee Privacy Rights, Employment Policies, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), UK
With the 27 December 2022 deadline for updating data transfer contracts with the EU SCCs fast approaching, this alert mines European Commission guidance, as well as the team’s experience, and offers some tips for successful...
The Age Appropriate Design Code (“AADC”) - more commonly known as the Children’s Code - has been heralded as the world’s first code to protect children online. Compliance with the AADC became mandatory for in-scope businesses...