Recent decisions from the European Union (EU) have placed renewed focus on the use of common cookies used on ecommerce and other websites used by consumers and employees and transfers of personal data collected through cookies to the United States. The EU Data Protection Authorities (DPAs) found that the use of widely used website technologies (i.e., cookies and java script) to automatically collect identifiers from the users’ devices or through their use of internet protocols (e.g., IP addresses) resulted in the collection of personal data. The DPAs further found that the subsequent transfer of this data to Google servers located in the United States violated EU cross-border data transfer requirements because there were inadequate safeguards under the Schrems II decision invalidating the EU-US Privacy Shield. One notable impact of the decisions is to dismiss the adequacy of encryption technologies where the service provider (such as Google) has access to the cryptographic key and can be compelled to surrender it in order for the data to be decrypted and read by U.S. surveillance authorities. Consideration of the impact of these decisions is critically important for ecommerce and other websites operating in the EU, as well as more generally for organizations that transfer personal data of consumers and employees to the U.S.
Our colleague at Epstein Becker Green has a post on the Technology Employment Law blog that will be of interest to our readers: “The GDPR Soon Will Go Into Effect, and U.S. Companies Have to Prepare.”
Following is an excerpt:
The European Union’s (“EU’s”) General Data Protection Regulations (“GDPR”) go into effect on May 25, 2018, and they clearly apply to U.S. companies doing business in Europe or offering goods and services online that EU residents can purchase. Given that many U.S. companies, particularly in the health care space ...
Our colleague at Epstein Becker Green has a post on the Technology Employment Law blog that will be of interest to our readers in the health care industry: “The GDPR Soon Will Go Into Effect, and U.S. Companies Have to Prepare."
Following is an excerpt:
The European Union’s (“EU’s”) General Data Protection Regulations (“GDPR”) go into effect on May 25, 2018, and they clearly apply to U.S. companies doing business in Europe or offering goods and services online that EU residents can purchase. Given that many U.S. companies, particularly in the health ...
One of the European Parliament’s 20 committees, the Civil Liberties Committee (“LIBE”), voted on October, 21, 2013 on a proposed EU General Data Protection Regulation. The regulation includes an increased level of fines and new regulatory requirements (in case of certain international data transfers and disclosure requests for personal data by foreign courts or authorities). Companies should monitor these issues closely in the next couple of months. Most likely, after the plenary vote on November 18-21, the Parliament will push for rapid negotiations with the Council ...
Too often, companies try to re-invent the wheel. This is especially true in the telehealth sector where new models of care are constantly being tried and tested. Fortunately for U.S. hospitals, health systems, and companies, however, we have great examples of telehealth models from around the world that have built successful business models in telehealth.
Take the example of Calydial, a company based in Lyon, France, that specializes in remote dialysis. Launched in 2006, Calydial started with 25 patients with renal impairment who needed remote treatment and monitoring. Today ...
Telehealth is expanding rapidly outside of the U.S. in both developed and developing countries. Not surprisingly, the expanded use of telehealth presents many of the same regulatory and reimbursement challenges abroad that it does here in the U.S. One region in particular that has taken steps to expand telehealth across borders is Europe, where in an effort to confront the legal issues raised by telehealth, the E.U. has removed and revisited existing regulations. The E.U. has also issued guidance through the European Commission (an institution that is responsible for ensuring ...
Blog Editors
Recent Updates
- DEA Issues Third Extension to Public Health Emergency Telemedicine Prescribing Flexibilities, Through 2025
- CMS Issuing First Risk Adjustment Data Validation Audit Notices for PY2018 Since the RADV Final Rule
- Just Released: Telemental Health Laws – Download Our Complimentary Survey and App
- HISAA: New Legislation Would Bring Cybersecurity Requirements for HIPAA Covered Entities and Business Associates
- Post-Hurricane Flexibilities Offered by the U.S. Department of Health and Human Services Through the Centers for Medicare & Medicaid Services