Choose Site
TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

Companies developing digital therapeutics, clinical decision support apps, and other digital health technologies for use in the coronavirus (COVID-19) pandemic should be mindful of FDA’s quickly evolving policies and guidance affecting such technologies. In our recent LawFlash, FDA Regulation of COVID-19 Apps, Digital Therapeutics, and other Digital Health Technologies, we examine recent FDA developments and their implications for companies in the digital health space.

For example, FDA has issued several new guidance documents describing policies of enforcement discretion to help promote the development and availability of digital health technologies for COVID-19. FDA also has issued multiple Emergency Use Authorizations for new COVID-19-related digital health products, and has issued guidance intended to clarify when clinical decision support software is subject to FDA oversight. It is critical for companies seeking to develop digital health technologies for pandemic-related uses to determine whether and how their products may be regulated by FDA.

The July 1 enforcement of the California Consumer Privacy Act (CCPA) is one week away. Despite calls by the business community and trade associations to push back the enforcement date to January 2021 due to the coronavirus (COVID-19) pandemic and related disruptions to compliance efforts, the California state attorney general issued a press release on June 2 stating, “Businesses have had since January 1 to comply with the law, and we are committed to enforcing it starting July 1.”

Additionally, on June 1, the attorney general took action to finalize the CCPA regulations by submitting the final text of the proposed regulations to the California Office of Administrative Law, requesting expedited review in an attempt to have the regulations adopted and enforceable by July 1.

The German Federal Court of Justice (BGH) ruled on May 28 that an opt-out for cookies settings is inadmissible under German law under Section 15(3) of the German Telemedia Act (TMG) in conformity with the ePrivacy Directive (press release of the BGH; available only in German). As a result, website operators can no longer rely on the fact that it would be possible to set cookies in Germany solely based on their legitimate interests. Previously, operators had justified the opt-out process based on earlier statements of the German supervisory authorities and the wording of TMG regulations.

As businesses across America begin to reopen in the wake of the coronavirus (COVID-19) pandemic, many will likely implement new social distancing and sanitization procedures. That got us thinking about how companies may choose to use touchless authorization technologies like facial recognition as the main form of entry into their facilities, rather than continuing to use tools such as keypads or fingerprint scanners that require many people to repeatedly touch the same surfaces daily.

With more than 40 webinars total, the annual Morgan Lewis Technology May-rathon continues. We thought these particular webinars were especially timely with regard to topics we follow in Tech & Sourcing @ Morgan Lewis:

See the full schedule of remaining May-rathon events >>

New York’s Department of Financial Services (DFS) issued guidance on April 13 alerting regulated entities of the significant increase in cybercrime during the coronavirus (COVID-19) pandemic.

Specifically, DFS noted several cybersecurity risks resulting from the realities of a remote workforce. With the increase of remote working, companies have issued new devices to employees and in many cases allow employees to use their personal devices to remotely access company information. These practices understandably subject companies to increased risk of phishing attacks and the leak of confidential information. Remote connections need to be as secure as possible using mechanisms like Multi-Factor Authentication and secure VPN connections so that data is safely and properly encrypted in transit. Regulated entities should be sure that all devices have the necessary and proper security software and that employees are trained properly on how to use applications securely.

One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week.

The SHIELD Act modernized New York’s laws by (1) expanding the data elements that may trigger data breach notification to include certain biometric information, user names or email addresses, and account, credit card, or debit card numbers, if circumstances would permit account access without a security code or other information; (2) broadening the definition of a breach to include unauthorized “access” (in addition to unauthorized “acquisition”); and (3) creating a new reasonable security requirement for companies to “develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of” the private information of New York residents. The first two changes took effect on October 23, 2019, while the third will take effect on March 21, 2020.

Morgan Lewis recently published an article on the 2019 Novel Coronavirus (COVID-19) outbreak and its effect on General Data Protection Regulation (GDPR) in the European Union. This article discusses the nature of the temporary suspension of some data-protection rights in times of crisis, and how the need to address the ongoing health crisis is being balanced with data-protection rights in Italy, France, and Germany.

Read the full article.

Please join us in our Philadelphia office for our annual Technology, Outsourcing & Commercial Contracts Networking Roundtable. The roundtable will feature an in-depth discussion of hot topics relating to the increased connectivity of our businesses, including privacy concerns, data rights, cloud solutions, and contracting for the use of connected devices. Stay connected with us at the networking reception following the discussions.

We hope you’ll join us in Philadelphia on Thursday, April 16, 2020, from 3:30–5:30 pm ET.

Register now >>

Please join us for an in-depth discussion of subcontracting provisions and their effect on commercial transactions with technology, outsourcing, and commercial transactions of counsel Emily Lowe. Topics will include:

  • Flow-down obligations
  • Royalties and compensation
  • Termination

We hope you’ll join us on Wednesday, March 11, 2020, from 12:00–1:00 pm ET.

Register now >>