Choose Site
TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

The California Privacy Rights Act of 2020 (CPRA), which expands consumer privacy rights, passed as California Proposition 24 on November 3, 2020. The CPRA expands the existing California Consumer Privacy Act by creating additional consumer privacy rights, such as new rights for personal information correction, expanded rights for personal information deletion, and new personal data retention and proportionality requirements. It also establishes the California Privacy Protection Agency as California’s privacy regulator.

Most of the CPRA’s provisions will become operative on January 1, 2023, and will apply to personal information collected by businesses on or after January 1, 2022. The CPRA will be enforced beginning July 1, 2023.

Please see our recent LawFlash about the CPRA, and reach out to the LawFlash authors or your Morgan Lewis contacts if you have additional questions.

The UK Information Commissioner’s Office (ICO) has recently handed down two of the largest fines relating to a data breach in UK history.

In August 2018, British Airways (BA) was subject to a cyberattack which breached the personal data of nearly 500,000 individuals, contravening the General Data Protection Regulation (GDPR). As Morgan Lewis reported in July 2019, the ICO initially filed a Notice of Intent to fine BA £183m ($227.5 million) – the equivalent of 1.5% of BA’s annual global turnover in 2017.

Please join us on November 11 for a webinar discussing Russian privacy laws. Technology, outsourcing, and commercial transactions partners Anastasia Dergacheva and Ksenia Andreeva will discuss privacy regulations worldwide and trends for 2021, with a focus on Russian privacy law. Topics will include:

  • Processing health-related data and new challenges
  • Transition to remote working environment, and how it impacts privacy regulations
  • Compliance with Russian data localization rule and a 2020 court practice update
  • Pre-coronavirus (COVID-19) and COVID-19-related legislative initiatives in the data privacy field, and what to expect in 2021

The webinar will take place on Wednesday, November 11, 2020, from 10:00–11:00 am ET.

Register for the webinar now >>

Morgan Lewis partner Reece Hirsch will moderate and present on a panel titled “Digital Health Privacy: OCR and FTC Perspectives” during the virtual 2020 Privacy + Security Forum on October 22.

The session will address the latest issues and trends in digital health privacy regulation, featuring the perspectives of senior regulators from the US Department of Health and Human Services Office for Civil Rights (OCR) and the Federal Trade Commission (FTC). The panel will examine the overlapping jurisdictions of the OCR and FTC with respect to a variety of digital health products, including mobile apps, activity trackers, and voice assistants, focusing on a series of hypotheticals.

We hope you'll join Reece on Thursday, October 22, 2020, from 11:30 am to 12:30 pm ET.

More information >>

In response to the coronavirus (COVID-19) pandemic, technology companies and public health authorities around the world have been developing contact tracing apps as a way to track and thus slow the spread of the virus. Implementation of those apps, however, can raise privacy and cybersecurity considerations.

Contact tracing apps essentially work by gathering information from individuals who have tested positive for the virus and then locating and notifying people with whom those individuals have been in close contact, frequently by use of GRP, Bluetooth, or wireless technology.

Please join us on September 8 for a webinar discussing the recently finalized California Consumer Privacy Act (CCPA) regulations. This webinar is part of our 2020 Data Privacy and Protection Boot Camp series.

The event will be led by Morgan Lewis partners W. Reese Hirsch and Andrew J. Gray IV. Discussion topics will include an overview of practical steps you can take to prepare for 2020 compliance with California’s landmark privacy law.

We previously discussed additional details regarding the CCPA and summarized the practical steps that companies can take to maintain compliance with the CCPA in this recent blog post and full Insight by our Morgan Lewis colleagues.

We hope you’ll join us on Thursday, September 8, 2020, from 12:00–1:30 pm ET (9:00–10:30 am PT).

Register for the webinar now >>

Please join us on September 9 for a webinar discussing cybersecurity enforcement issues. This webinar is part of our 2020 Data Privacy and Protection Boot Camp series.

Morgan Lewis partners Susan D. Resley and Andrew J. Gray IV will be the speakers at the event. Discussion topics will include spotting and mitigating enforcement issues concerning cybersecurity-related controls and disclosures.

We hope you’ll join us on Friday, September 9, 2020, from 12:00–1:30 pm ET (9:00–10:30 am PT).

Register for the webinar now >>

The California state attorney general issued a press release on August 14 stating that the Office of Administrative Law (OAL) has approved the California Department of Justice’s regulations regarding the California Consumer Privacy Act (CCPA) and filed them with the California secretary of state, making the regulations effective immediately.

A recent Court of Justice of the European Union (CJEU) ruling—Schrems II—could lead to significant changes for companies that rely on the EU-US Privacy Shield for transferring personal data from the European Economic Area (EEA) to the United States, including increased due diligence on the part of data exporters.

Companies developing digital therapeutics, clinical decision support apps, and other digital health technologies for use in the coronavirus (COVID-19) pandemic should be mindful of FDA’s quickly evolving policies and guidance affecting such technologies. In our recent LawFlash, FDA Regulation of COVID-19 Apps, Digital Therapeutics, and other Digital Health Technologies, we examine recent FDA developments and their implications for companies in the digital health space.

For example, FDA has issued several new guidance documents describing policies of enforcement discretion to help promote the development and availability of digital health technologies for COVID-19. FDA also has issued multiple Emergency Use Authorizations for new COVID-19-related digital health products, and has issued guidance intended to clarify when clinical decision support software is subject to FDA oversight. It is critical for companies seeking to develop digital health technologies for pandemic-related uses to determine whether and how their products may be regulated by FDA.