As companies adjusted to the “new normal” of coronavirus (COVID-19) restrictions, spending on cloud services has seen a boom. Spending by companies on cloud services exploded in the second quarter to a record $34.6 billion, up approximately 11% from the first quarter of 2020 and 30% from the same period last year, according to research firm Canalys, as reported by the Wall Street Journal.
TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
A recent Court of Justice of the European Union (CJEU) ruling—Schrems II—could lead to significant changes for companies that rely on the EU-US Privacy Shield for transferring personal data from the European Economic Area (EEA) to the United States, including increased due diligence on the part of data exporters.
With the world in various states of lockdown, your organization’s online presence is more important than ever…even more so with official enforcement of CCPA beginning last month. It may be a good time to spend an afternoon reviewing and updating the legal boilerplate on your organization’s website. Here is what we recommend for a basic three-part review to get you started:
- Privacy Policy. Many clients updated their policy earlier this year to reflect changes required by CCPA. If you fall into this category, then ensuring that the proper version of your privacy policy is reflected on your website, typically in the footer, is a good idea. You would be surprised to know how many clients update their policy, but then fail to actually post the correct version publicly. If you did not recently review your privacy policy, it may be a good time to do so. In addition to seeking advice on changes recommended in light of CCPA, it is also good hygiene to pull the policy and give it a fresh read. Has your organization’s collection practices changed? Has your organization began using or disclosing data differently than it has in the past? A privacy policy only protects your organization to the extent that it is accurate and complete, so periodically spending an hour or so to ensure its accuracy is typically time well spent.
Companies developing digital therapeutics, clinical decision support apps, and other digital health technologies for use in the coronavirus (COVID-19) pandemic should be mindful of FDA’s quickly evolving policies and guidance affecting such technologies. In our recent LawFlash, FDA Regulation of COVID-19 Apps, Digital Therapeutics, and other Digital Health Technologies, we examine recent FDA developments and their implications for companies in the digital health space.
For example, FDA has issued several new guidance documents describing policies of enforcement discretion to help promote the development and availability of digital health technologies for COVID-19. FDA also has issued multiple Emergency Use Authorizations for new COVID-19-related digital health products, and has issued guidance intended to clarify when clinical decision support software is subject to FDA oversight. It is critical for companies seeking to develop digital health technologies for pandemic-related uses to determine whether and how their products may be regulated by FDA.
Adding corporate flexibility to IT-related commercial contracts can make seemingly unrelated mergers and acquisitions (M&A) transactions a bit less complex. Although many contracting parties already consider assignment rights and restrictions in relation to certain successor scenarios, the divestiture scenario—where contractual rights are not simply transferred in whole—deserves a closer look.
The UK Financial Conduct Authority (FCA) announced on July 8 that the guidelines issued by the European Insurance and Occupational Pension Authority (EIOPA) on outsourcing to cloud service providers are not applicable to regulated activities (in this instance, insurance and reinsurance undertakings) within the UK jurisdiction.
In its statement, the FCA noted that this is due to the fact that the EIOPA guidelines will enter into force on January 1, 2021, which is after the end of the EU withdrawal transition period.
The Business Software Alliance (BSA) recently endorsed principles for building trust in the Internet of Things (IoT), highlighting the need for a risk-based approach that (1) accounts for the various components, capabilities, users, environments, life cycles, and complexities of the IoT ecosystem, and (2) engages the corresponding stakeholders. Given the near boundless opportunities—and risks—deriving from its connectivity, a connected device should not be designed and managed in isolation.
The following key themes emerged throughout the BSA policy principles:
The European Securities and Markets Authority (ESMA) published its draft guidelines on outsourcing to cloud service providers on June 3. Steven Maijoor, the chair of ESMA, indicated that the purpose of the guidelines is to “help firms understand and mitigate the risks that they are exposed to when outsourcing to cloud service providers.”
Although many companies are already revisiting contractual provisions relating to nonperformance, like force majeure clauses, as the coronavirus (COVID-19) pandemic continues to wreak havoc on public health and the economy, other proactive (but less publicized) contractual measures can facilitate early discovery and mitigation of potential nonperformance.
Please join us on July 16 for a webinar discussing investments in the information technology (IT) and ecommerce space in Russia. We will provide an overview of key transactional, regulatory, and tax considerations affecting foreign investments in the technology space in Russia. Topics will include:
- Top 10 things you need to know about IT and ecommerce in Russia
- The most popular ways to structure investments in the IT and digital space in Russia
- Russian antitrust rules and foreign investments restrictions
- Upcoming changes in the tax regime for Russian IT companies
We hope you’ll join us on Thursday, July 16, 2020, from 10:00–11:00 am ET (5:00–6:00 pm MSK).
