Recent decisions from the European Union (EU) have placed renewed focus on the use of common cookies used on ecommerce and other websites used by consumers and employees and transfers of personal data collected through cookies to the United States. The EU Data Protection Authorities (DPAs) found that the use of widely used website technologies (i.e., cookies and java script) to automatically collect identifiers from the users’ devices or through their use of internet protocols (e.g., IP addresses) resulted in the collection of personal data. The DPAs further found that the subsequent transfer of this data to Google servers located in the United States violated EU cross-border data transfer requirements because there were inadequate safeguards under the Schrems II decision invalidating the EU-US Privacy Shield. One notable impact of the decisions is to dismiss the adequacy of encryption technologies where the service provider (such as Google) has access to the cryptographic key and can be compelled to surrender it in order for the data to be decrypted and read by U.S. surveillance authorities. Consideration of the impact of these decisions is critically important for ecommerce and other websites operating in the EU, as well as more generally for organizations that transfer personal data of consumers and employees to the U.S.
On April 2, the European Parliament voted overwhelmingly to repeal the current EU Directive on clinical trials of medicinal products for human use and replace it with a new Regulation. The primary goals of the new Regulation are to:
- Streamline the approval process for studies conducted across multiple Member states;
- Harmonize the regulation of clinical trials throughout the Member states; and
- Increase transparency of Clinical Trial results.
It was the European Parliament's hope that accomplishing the first two goals would increase the number of clinical ...
Blog Editors
Recent Updates
- Last Call for Comments on the Bipartisan Discussion Draft of the SUSTAIN Act: Shaping 340B for the Future
- Indiana Senate Enrolled Act 9 Requires Written Notice of Health Care Entities’ Mergers or Acquisitions
- Connecticut Bill Calls for Office of Health Strategy to Develop a Plan Regarding Private Equity Firms in Health Care
- Revised OCR Guidance Provides New Examples, but Raises More Questions, Regarding Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
- FDA Releases Draft Guidance on New Dietary Ingredient Notification Procedures, Timelines