Earlier this week, the European Commission announced that a “political” agreement has been reached on a new framework for data flows from the EU to the US. The announcement highlights a few changes from the old Safe Harbor regime, such as more direct and active oversight by US regulators, more stringent privacy protections, and establishing an ombudsman at the State Department for EU citizens who wish to complain about data protection matters. However, as a legal and compliance matter, US companies who previously relied upon Safe Harbor to transfer EU data take significant compliance risk if they do nothing in anticipation of newly branded EU-US Privacy Shield framework being formally approved, given it is not yet documented and will be subject to review by the EU data protection supervisory authorities in the so-called Article 29 Working Party as well as representatives of the Member States and the European Parliament.
On June 14, 2013, the Food and Drug Administration (“FDA”) issued a draft guidance entitled, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” (“Guidance”). The Guidance was issued in response to growing concerns about IT vulnerabilities due to the increased use of wireless, Internet and network-connected devices coupled with the frequent electronic exchange of health information. To that end, the Guidance identifies a series of cybersecurity considerations manufacturers should…
The First Chamber of the German Federal Supreme Court decided on the permissibility of outbound advertising calls on the basis of a so-called “double-opt-in” (judgement dated February 10, 2011 – I ZR 164/09 – Telefonaktion II). The full reasoning of the decision has not been published yet. But the press release already gives important clues as to the Court’s considerations.
A local healthcare insurance company had called consumers whose telephone numbers had been collected in the course of a lottery.