The Data (Use and Access) Bill passed both Houses of UK Parliament and received Royal Assent on 19 June 2025, now becoming the Data (Use and Access) Act 2025 (“DUA Act”). This is the final iteration of the Data Protection and...more
7/16/2025
/ Cookies ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Subject Access Requests ,
EU ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Marketing ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Burden ,
Scientific Research ,
UK
With the deadline for Member States to transpose the European Union’s updated Network and Information Systems Directive (Directive (EU) 2022/2555) (NIS 2 or Directive) into national law, with the Directive having passed on 18...more
11/5/2024
/ Compliance ,
Critical Infrastructure Sectors ,
Digital Services ,
EU ,
EU Directive ,
Infrastructure ,
Manufacturers ,
Member State ,
New Regulations ,
Online Platforms ,
Risk Management ,
Security and Privacy Controls ,
Social Networks
As the life sciences, medtech, and diagnostic industries continue to expand and grow increasingly complex, so does the legal, regulatory, and compliance landscape. To help companies and investors navigate the many evolving...more
1/4/2024
/ Advertising ,
Biosimilars ,
Center for Biologics Evaluation and Research (CBER) ,
Clinical Trials ,
Compliance ,
Draft Guidance ,
EU ,
European Commission ,
European Medicines Agency (EMA) ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Food and Drug Administration (FDA) ,
Inflation Reduction Act (IRA) ,
Life Sciences ,
Manufacturers ,
Marketing ,
Medical Devices ,
Medicare ,
Medicines and Healthcare Products Regulatory Agency (MHRA) ,
Pharmaceutical Industry ,
Popular ,
Prescription Drugs ,
Proposed Legislation ,
Regulatory Standards ,
Research and Development ,
UK
As the life sciences, medtech, and diagnostic industries continue to expand and grow increasingly complex, so does the legal, regulatory, and compliance landscape. To help companies and investors navigate the many evolving...more
10/2/2023
/ Biologics ,
Clinical Trials ,
Compliance ,
Diagnostic Tests ,
Draft Guidance ,
EU ,
European Medicines Agency (EMA) ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Food and Drug Administration (FDA) ,
Life Sciences ,
Manufacturers ,
Marketing ,
Medical Devices ,
Medicines and Healthcare Products Regulatory Agency (MHRA) ,
PDUFA ,
Pharmaceutical Industry ,
Prescription Drugs ,
Proposed Legislation ,
Public Consultations ,
Regulatory Oversight ,
Regulatory Requirements ,
UK
In a previous alert, Too Important To Fail? Further Light on When EU and Non-EU Technology Providers Will Become Subject To DORA, we discussed the EU Digital Operational Resilience Act (DORA). We have also set up a microsite...more
On July 10, 2023, the European Commission adopted an adequacy decision for the new EU-US Data Privacy Framework (“DPF”), the revamped transatlantic framework designed to support transfers of personal data from the EU to...more
7/19/2023
/ Adequacy Requirement ,
Binding Corporate Rules ,
Certification Requirements ,
Data Privacy ,
EU ,
Executive Orders ,
Framework Agreement ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Standard Contractual Clauses ,
Switzerland ,
UK
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
8/27/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Transfers ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Impact Assessments ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
Risks of non-compliance with the GDPR keep increasing with data protection authorities (DPAs) now ordering suspension of transfers of personal data to the U.S. In March, the Bavarian DPA found there was an unlawful transfer...more
Earlier this year, the European Data Protection Board (“EDPB”) issued additional guidance on the application of the General Data Protection Regulation (“GDPR”) in the area of scientific health research.
In key takeaways...more
3/5/2021
/ Consent ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Scientific Research
On 15 January, 2021, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) adopted a joint opinion (“Joint Opinion”) on the draft new sets of Standard Contractual Clauses (“New...more
1/28/2021
/ Data Protection ,
EDPS ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In This Issue. The Office of the Comptroller of the Currency (OCC) proposed a rule that would establish that a national bank or federal savings association is the “true lender” of a loan if, as of the date of origination, the...more
7/23/2020
/ Banking Sector ,
Board of Directors ,
Board of Governors ,
Comment Period ,
Consumer Complaint Database ,
Consumer Financial Protection Bureau (CFPB) ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Digital Assets ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
FDIC ,
Federal Reserve ,
Federal Savings Associations ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Interim Final Rules (IFR) ,
International Data Transfers ,
Lenders ,
Loan Agreements ,
Main Street Lending Programs ,
Nonprofits ,
OCC ,
Paycheck Protection Program (PPP) ,
Personal Data ,
Proposed Rules ,
Public Comment ,
Regulation Z ,
Request For Information
Today (July 16) Europe’s highest court, the Court of Justice of the European Union (CJEU), in the case of Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II) invalidated the EU–U.S. Privacy...more
7/17/2020
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Standard Contractual Clauses
The world is facing a significant public health crisis that requires a strong response and common approach. Governments and scientists around the world are relying on automated data processing and digital technologies as part...more
The Advocate General has issued an Opinion which states that the European Commission’s decision, enforcing the Standard Contractual Clauses (SCCs), is valid....more
The European Court of Justice recently limited the “right to be forgotten” in a landmark decision for online privacy law.
The decision arises from a dispute between Commission nationale de l'informatique et des libertés...more