GDPR Archives - EMPLOYEE BENEFITS BLOG

Health Data in the EU and UK: Regulatory Trends and Developments

by Sharon Lamb, Deniz Tschammler, Daniel F. Gottlieb, Lorraine Maisnier-Boché and Pilar Arzuaga | Apr 25, 2023 | Digital Health, Employee Benefits, Health and Welfare Plans

With the General Data Protection Regulation (GDPR) resulting in a rise in enforcement incidents, it is prudent for organizations operating in the health and life sciences industries across the United Kingdom, European Union (EU) and other European Economic Area (EEA) nations to assess their responsibilities regarding the gathering and handling of health data. Major Points: “Data concerning health” is a wide term; it doesn’t just apply to medical records. Policies and processing records should accurately capture all health data, including inference data. Most EEA countries, and the United Kingdom, have national laws that supplement GDPR. Consent is not the only legal basis for collecting, storing and using health data; there are other options available, but be aware that “insufficient legal basis for data processing” is a common type of GDPR violation. If used, health data consents must be granular, specific and transparent, and they must break down all the...

VIDEO: Transfers of Health Data from the European Union to the United States in a Post-Schrems II World

by Amy C. Pimentel and Romain Perray | May 27, 2021 | Employee Benefits, Health and Welfare Plans, Privacy and Data Security

In this video, McDermott Will & Emery partner Amy C. Pimentel explains the significance of health data transfers from the European Union to the United States in a post-Schrems II world. The recent Schrems II ruling invalidated the EU-US Privacy Shield, holding that the US legal regime on access to personal data does not contain adequate limitations and safeguards. Pimentel and McDermott's Romain Perray recently also wrote for McDermott's International News about this topic. Access the article.

Passage of California Privacy Act Could Spur Similar New Regulations in Other States

by Laura Jehl | Dec 21, 2020 | Employee Benefits, Employment, Labor, Privacy and Data Security

On November 3, California citizens approved the California Privacy Rights and Enforcement Act (the CPRA), a comprehensive privacy law that amends another privacy law that went into effect in the state on January 1, the California Consumer Privacy Act (CCPA). The CPRA is intended to strengthen privacy regulations in California by creating new requirements for companies that collect and share sensitive personal information. It also creates a new agency, the California Privacy Protection Agency, that will be responsible for enforcing CPRA violations. In a recent article in CSO, McDermott partner Laura Jehl discussed the impact of the CPRA on the future of privacy legislation in the United States. Access the article.

The Rise of Facial Recognition Technology: Mapping the Legal Framework

by Ashley Winton | Mar 10, 2020 | Privacy and Data Security

In January 2020, the Supreme Court decided it would not hear the issue of whether Facebook broke the law in Illinois when it instituted a photo-tagging feature that honed in on users’ faces and tagged them without their consent, and Facebook has now settled with the users for $550 million. The Illinois law is part of a patchwork of laws applicable to facial recognition technology (FRT). McDermott’s Ashley Winton contributes to the second installment of a three-part article series on FRT. This article examines the applicable legal framework and regulatory guidance, including intellectual property rights, general privacy legislation, specific state biometric data laws and more. Access the full article. Originally published on Cybersecurity Law Report, February 2020

2018 Digital Health Data Developments – Navigating Change in 2019

by McDermott Will & Emery | Feb 14, 2019 | Privacy and Data Security

Data privacy and security legislation and enforcement saw significant activity in 2018 and early 2019. McDermott’s 2018 Digital Health Year in Review: Focus on Data report – the first in a four-part series – highlights notable developments and guidance that health care providers, digital health companies and other health care industry stakeholders should navigate in 2019. Here, we summarize four key issues that stakeholders should watch in the coming year. For more in-depth discussion of these and other notable issues, access the full report. EU General Data Protection Regulation (GDPR) enhances protections for certain personal data on an international scale. US-based digital health providers and vendors that either (a) offer health care or other services or monitor the behavior of individuals residing in the EU, or (b) process personal data on behalf of entities conducting such activities should be mindful of the GDPR’s potential applicability to their...

GDPR 6 Months After Implementation: Where are We Now?

by Amy C. Pimentel and Mark E. Schreiber | Nov 13, 2018 | Privacy and Data Security

The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly expanding the territorial reach of EU data protection law and introducing numerous changes that affected the way organizations globally process the personal data of their EU customers, employees and suppliers. These important changes required action by companies and institutions around the world. In almost six months after the GDPR’s effective date, organizations are still working on compliance—and will be for years to come. Critical provisions The GDPR applies to organizations inside and outside the EU. Organizations “established” inside the EU, essentially meaning a business or unit located in the EU, must comply with the GDPR if they process personal data in the context of that establishment. The GDPR also applies to organizations outside...

UK Employment Alert | What to Expect in UK Employment Law in 2018: GDPR, Brexit Negotiations and More

by Anthony A. Bongiorno, Katie Clark and Paul McGrath | Jan 11, 2018 | Employment, Privacy and Data Security

Whilst 2017 was anticipated to be a fairly static year for UK employment law, that did not in fact prove to be the case, and there were various notable developments. To a large degree, 2018 is likely to be defined by the ongoing Brexit negotiations and the passage of the EU Withdrawal Bill, which will, amongst other things, lay the framework for the future movement of EU workers to the United Kingdom. Employers should, however, be aware of some additional key developments on the horizon. Continue Reading.

Key UK Employment Law Events in 2017 and Beyond

by Anthony A. Bongiorno, Katie Clark and Paul McGrath | Jan 19, 2017 | Benefit Controversies, Employee Benefits, Employment, Executive Compensation, Labor, Privacy and Data Security

Current indications are that 2017 may be a fairly static year as regards to employment law. Whilst it is anticipated the government will trigger Article 50 to start Brexit negotiations, these are likely to last for at least two years, and existing employment laws are unlikely to feel any ripple effect from leaving the European Union for some time. In the meantime, the Prime Minister has asked for a review, expected to take around six months, on whether current employment laws are adequate to protect the rights of the growing numbers of atypical workers. It is unlikely though that any resulting changes will come into effect in 2017. There are, however, a number of key developments that employers will definitely need to get to grips with, or at least prepare for, in 2017. Read the full article here. *Cindy LaMontagne (Trainee) contributed to this article.

The Impact of the EU Data Protection Regulation

by Anthony A. Bongiorno, McDermott Will & Emery, Dr. Paul Melot de Beauregard and Maximilian Baur | Sep 15, 2016 | Privacy and Data Security

The EU General Data Protection Regulation 2016/679 (GDPR) was published in the Official Journal of the European Union on 4 May 2016 following the compromise agreed among the Council of the European Union and the European Parliament. The GDPR will essentially affect any business coming into contact with European personal data. Read the full article here to learn of the impact and next steps.

Brexit Update: The Effect of Brexit on Data Transfers between the United Kingdom and the European Union

by Dr. Claus Färber | Sep 1, 2016 | Privacy and Data Security

With the United Kingdom having voted to leave the European Union (Brexit) on 23 June 2016, the free flow of personal data between the United Kingdom and EU and European Economic Area (EEA) countries is at risk. Should the United Kingdom also leave the EEA and thus become a “third country” for the purposes of data transfers, EU/EEA businesses that are currently retaining UK service providers or data centres to handle or store personal data, or are planning to do so, would have to carefully re-evaluate this decision. Read the full article here.

BLOG EDITORS

STAY CONNECTED

TOPICS

ARCHIVES

RECENT POSTS