The United States and the United Kingdom entered into the world’s first ever Clarifying Lawful Overseas Use of Data Act (CLOUD Act) agreement on October 3, 2019 (the Agreement). The Agreement, which will enter into force later this year after review by lawmakers in both countries, allows each country’s law enforcement agencies to demand, with proper authorization, electronic data regarding serious crime (defined in Article 1 of the Agreement as an offense punishable by a maximum term of imprisonment of at least three years) directly from technology companies based in the other country.
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
The German Federal Office for Information Security (BSI) has determined the suitability of an industry-specific security standard (B3S) with which hospitals can align their IT security measures. The B3S standard was developed by the German Hospital Association (DKG).
The EU Commission issued its report on the third annual review of the functioning of the EU-US Privacy Shield (Privacy Shield) on October 23. The annual review and corresponding report is required of the Commission by the its July 2016 adequacy decision in which it found that the Privacy Shield ensures an adequate level of protection for personal data that has been transferred from the European Union (EU) to the United States. The goal of the review is to evaluate and publicly report on all aspects of the functioning of the Privacy Shield Framework.
Morgan Lewis partners Ksenia Andreeva, Anastasia Dergacheva, Vasilisa Strizh, and Brian Zimbler and associate Anastasia Kiseleva contributed the chapter on Russia for the recently released Data Protection & Privacy 2020, the eighth edition of the Lexology Getting the Deal Through publication.
Lexology Getting The Deal Through provides international expert analysis in key areas of law, practice, and regulation for corporate counsel, cross-border legal practitioners, and company directors and officers. The publication addresses many of the most important data protection and data privacy laws in force or in preparation throughout the globe, with a discussion of the same key data protection and privacy questions with analysis from leading practitioners in each of the featured jurisdictions.
A recent LawFlash by Morgan Lewis partners Ksenia Andreeva and Vasilisa Strizh and associate Anna Pirogova discusses a draft law proposed in Russia that would introduce heavy fines for violations of Russia’s data protection law and a variety of internet activity laws.
The primary federal data privacy law in Russia, On Personal Data, dated July 28, 2006 (the Personal Data Law), applies to “personal data operators,” which are entities that organize and carry out the processing of personal data and determine the purpose of individuals’ personal data processing. The proposed draft law, On Amending the Code of Administrative Offences of the Russian Federation, relates to the “localization requirement” of the Personal Data Law, which creates on obligation for personal data operators to collect, store, and otherwise process personal data of Russian citizens using databases and servers located in Russia.
The Q2 2019 issue of Morgan Lewis’s Life Sciences International Review was recently released. The review includes updates relevant to the life sciences industry from across the world, including the United States, Europe, and Asia. The topics range from intellectual property and data privacy to international trade and labor and employment. We found it to be an excellent read for anyone interested in keeping up with current trends in the life sciences sector.
Two of the topics that we found to be of particular interest were about data privacy in the European Union and foreign investments in the United States biotechnology industry. The review looks at the opinion adopted by the European Data Protection Board (EDPB) regarding the interplay between the General Data Protection Regulation and the forthcoming Clinical Trials Regulation. The review also discusses the increased activity by the Committee on Foreign Investment in the United States (CFIUS) in scrutinizing life sciences transactions, which has led to several transactions being blocked or mitigated.
The Life Sciences International Review is a quarterly newsletter published by Morgan Lewis lawyers with important updates and insights for the life sciences sector. Be sure to look for the next publication coming in the fall!
The European General Data Protection Regulation (GDPR) took effect in May 2018, requiring companies that handle or process EU residents’ personal information to conform to practices that seek to more fully protect consumer sensitive information. Companies that fall under this category, known as data controllers, must secure consumer consent or another legally acceptable method of gathering personal information, notify individuals of the personal information that is collected and how it will be used, and limit the collection and maintenance to necessary information for a limited period of time. The individuals whose personal information is gathered also have a right to access the information, limit its use, and withdraw their consent from data controllers for such use.
No one knows at the moment what the relationship will be between the United Kingdom and the European Union the day after Brexit on 31 October.
The life sciences sector is arguably the most closely harmonized within the European Union. Both medicinal products and medical devices are very much subject to Brussels-driven legislation. In addition to the regulatory issues that would result from Brexit, there could be substantial supply chain interference.
Russia has amended its main laws governing the internet to allow the government to restrict access to the internet and to control internet traffic in emergency situations.
Federal Law No. 90-FZ of 1 May 2019 introduced a set of amendments to the Federal Law on Communications and the Federal Law on Information, Information Technologies and on Protection of Information (the Amendments). The Amendments are colloquially referred to as the “sovereign runet law” or the “law on the secured internet.”
Russia’s Central Bank, the financial markets regulator in Russia, might soon receive the right to block websites. On 24 January, the State Duma, the lower house of the Russian parliament, approved amendments in the first reading to the Federal Law "On Information, Information Technologies and Protection of Information" and the Civil Procedure Code (the Proposed Amendments).
The Proposed Amendments are designed to give the Central Bank the right to block websites violating financial market legislation or used to maintain fraudulent activities.