European Data Protection Board Issues Guidance on Interplay Between GDPR and Rules Governing Data in Clinical Trials

On January 23, 2019, the European Data Protection Board (EDPB), released an opinion on the relationship between the European Clinical Trials Regulation (CTR) and the EU General Data Protection Regulation (GDPR) (the “Opinion”). The CTR, scheduled to take effect in 2020, is designed to harmonize how clinical trials are assessed and supervised across the EU. It introduces a Clinical Trials Information System and establishes rules that protect individuals and enhance transparency requirements. In its Opinion, the EDPB provides guidance on (1) the legal bases for primary uses of clinical data, i.e., processing personal data in the course of a clinical trial protocol, and (2) secondary uses of clinical trial data…

READ MORE

U.S. Senate Commerce Committee To Hold Hearings on Privacy February 27, 2019

On February 27, 2019, the U.S. Senate Committee on Commerce, Science and Transportation will convene a hearing titled “Privacy Principles for a Federal Data Privacy Framework in the United States.” Committee members will focus on potential Congressional action to “address risks to consumers and implement data privacy protections for all Americans.” Committee Chairman Sen. Roger Wicker of Mississippi described the hearing as an opportunity to “help set the stage for meaningful bipartisan legislation.” The hearing comes in the midst of calls from policymakers, advocates and industry for law that would protect individuals, foster trust, and promote innovation. Several lawmakers introduced legislation in the last Congress, and bills are expected…

READ MORE

PrivacyMinder® Demonstration: Efficiently Comply with Both GDPR & CCPA

California Consumer Privacy Act (CCPA) compliance starts now! CCPA requires companies to be ready to respond to consumer requests for data processing disclosure dating January 1, 2020, but the law’s 12-month look-back provision means you need to be ready today. Join Achieved Compliance’s President Melise Blakeslee as she walks you through how our PrivacyMinder® software platform can get you fully compliant with both GDPR and CCPA in just days with minimal internal disruption. Our compliance management platform can help you put in place the requirements for compliance with relevant laws, including those here in the US and in the EU. PrivacyMinder® helps you conduct data analysis on your own,…

READ MORE

French Data Protection Authorities Fine Google Nearly $57 Million for Violations of the General Data Protection Regulation’s Notice and Consent Requirements

French regulators have fined Google nearly $57 million for violations of the General Data Protection Regulation (GDPR). This fine was the first major penalty levied against a large U.S. technology company since the regulation took effect in May 2018. France’s data protection authority, known as the CNIL, said that Google failed to fully disclose to users how their personal information is collected and what happens to it. Significantly, regulators said that Google also did not properly obtain users’ consent to use the data to serve them personalized advertisements. The CNIL said in a statement that the violations “deprive the users of essentially guarantees regarding processing operations that can…

READ MORE

EU-U.S. Privacy Shield Review Report Outlines Steps To Improve Enforcement and Monitor Compliance

The Privacy Shield – a mechanism by which U.S. companies can legally transfer data to the European Union, continues to draw the attention of regulators and policymakers. On December 19, 2018, the European Commission (the Commission) announced the publication of its report on the second annual review of the EU-U.S. Privacy Shield. The report offers companies insight into what aspects of the Privacy Shield officials find most important and what steps are planned to strengthen enforcement and oversee compliance. Background The EU-U.S. Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. Companies must self-certify that they meet the requirements of…

READ MORE