Choose Site
TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

Mike Pierides, a partner in our technology, outsourcing, and commercial transactions practice, will be presenting a session titled “Procuring RegTech – Best Practices for Sourcing Compliance-related Technology from Third Party Vendors” at the 6th International Compliance Forum.

Please join us on September 8 for a webinar discussing the recently finalized California Consumer Privacy Act (CCPA) regulations. This webinar is part of our 2020 Data Privacy and Protection Boot Camp series.

The event will be led by Morgan Lewis partners W. Reese Hirsch and Andrew J. Gray IV. Discussion topics will include an overview of practical steps you can take to prepare for 2020 compliance with California’s landmark privacy law.

We previously discussed additional details regarding the CCPA and summarized the practical steps that companies can take to maintain compliance with the CCPA in this recent blog post and full Insight by our Morgan Lewis colleagues.

We hope you’ll join us on Thursday, September 8, 2020, from 12:00–1:30 pm ET (9:00–10:30 am PT).

Register for the webinar now >>

Following up on our CCPA post earlier this week, Morgan Lewis privacy lawyers Reece Hirsch and Andrew Gray have put together a webinar to discuss CCPA and how to prepare for 2020 compliance with California's landmark privacy law. Register for the webinar if you or your organization are curious about how the CCPA impacts your industry.

The California state attorney general issued a press release on August 14 stating that the Office of Administrative Law (OAL) has approved the California Department of Justice’s regulations regarding the California Consumer Privacy Act (CCPA) and filed them with the California secretary of state, making the regulations effective immediately.

A recent Court of Justice of the European Union (CJEU) ruling—Schrems II—could lead to significant changes for companies that rely on the EU-US Privacy Shield for transferring personal data from the European Economic Area (EEA) to the United States, including increased due diligence on the part of data exporters.

Companies developing digital therapeutics, clinical decision support apps, and other digital health technologies for use in the coronavirus (COVID-19) pandemic should be mindful of FDA’s quickly evolving policies and guidance affecting such technologies. In our recent LawFlash, FDA Regulation of COVID-19 Apps, Digital Therapeutics, and other Digital Health Technologies, we examine recent FDA developments and their implications for companies in the digital health space.

For example, FDA has issued several new guidance documents describing policies of enforcement discretion to help promote the development and availability of digital health technologies for COVID-19. FDA also has issued multiple Emergency Use Authorizations for new COVID-19-related digital health products, and has issued guidance intended to clarify when clinical decision support software is subject to FDA oversight. It is critical for companies seeking to develop digital health technologies for pandemic-related uses to determine whether and how their products may be regulated by FDA.

The UK Financial Conduct Authority (FCA) announced on July 8 that the guidelines issued by the European Insurance and Occupational Pension Authority (EIOPA) on outsourcing to cloud service providers are not applicable to regulated activities (in this instance, insurance and reinsurance undertakings) within the UK jurisdiction.

In its statement, the FCA noted that this is due to the fact that the EIOPA guidelines will enter into force on January 1, 2021, which is after the end of the EU withdrawal transition period.

The Business Software Alliance (BSA) recently endorsed principles for building trust in the Internet of Things (IoT), highlighting the need for a risk-based approach that (1) accounts for the various components, capabilities, users, environments, life cycles, and complexities of the IoT ecosystem, and (2) engages the corresponding stakeholders. Given the near boundless opportunities—and risks—deriving from its connectivity, a connected device should not be designed and managed in isolation.

The following key themes emerged throughout the BSA policy principles:

The European Securities and Markets Authority (ESMA) published its draft guidelines on outsourcing to cloud service providers on June 3. Steven Maijoor, the chair of ESMA, indicated that the purpose of the guidelines is to “help firms understand and mitigate the risks that they are exposed to when outsourcing to cloud service providers.”

Following the US Department of Justice’s recent recommendations to reform Section 230 of the Communications Decency Act (CDA) to provide incentives for online platforms to address illicit material on their platforms, two US senators have proposed the Platform Accountability and Consumer Transparency Act (PACT), legislation aimed at reforming Section 230 of the CDA.