Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
The California Privacy Rights Act of 2020 (CPRA), which expands consumer privacy rights, passed as California Proposition 24 on November 3, 2020.
The UK Information Commissioner’s Office (ICO) has recently handed down two of the largest fines relating to a data breach in UK history.
In response to the coronavirus (COVID-19) pandemic, technology companies and public health authorities around the world have been developing contact tracing apps as a way to track and thus slow the spread of the virus. Implementation of those apps, however, can raise privacy and cybersecurity considerations.
The California state attorney general issued a press release on August 14 stating that the Office of Administrative Law (OAL) has approved the California Department of Justice’s regulations regarding the California Consumer Privacy Act (CCPA) and filed them with the California secretary of state, making the regulations effective immediately.
A recent Court of Justice of the European Union (CJEU) ruling—Schrems II—could lead to significant changes for companies that rely on the EU-US Privacy Shield for transferring personal data from the European Economic Area (EEA) to the United States, including increased due diligence on the part of data exporters.
Companies developing digital therapeutics, clinical decision support apps, and other digital health technologies for use in the coronavirus (COVID-19) pandemic should be mindful of FDA’s quickly evolving policies and guidance affecting such technologies. In our recent LawFlash, FDA Regulation of COVID-19 Apps, Digital Therapeutics, and other Digital Health Technologies, we examine recent FDA developments and their implications for companies in the digital health space.
The July 1 enforcement of the California Consumer Privacy Act (CCPA) is one week away. Despite calls by the business community and trade associations to push back the enforcement date to January 2021 due to the coronavirus (COVID-19) pandemic and related disruptions to compliance efforts, the California state attorney general issued a press release on June 2 stating, “Businesses have had since January 1 to comply with the law, and we are committed to enforcing it starting July 1.”
The German Federal Court of Justice (BGH) ruled on May 28 that an opt-out for cookies settings is inadmissible under German law under Section 15(3) of the German Telemedia Act (TMG) in conformity with the ePrivacy Directive (press release of the BGH; available only in German).
As businesses across America begin to reopen in the wake of the coronavirus (COVID-19) pandemic, many will likely implement new social distancing and sanitization procedures.
New York’s Department of Financial Services (DFS) issued guidance on April 13 alerting regulated entities of the significant increase in cybercrime during the coronavirus (COVID-19) pandemic.