Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Lilly Taranto

Posts by Lilly Taranto
Posted in International/EU Privacy

New Data Protection-Friendly eCommercial Model Clinical Trial Agreements Now Available

Updated versions of the UK model Clinical Trial Agreement and the Clinical Research Organisation model Clinical Trial Agreement have been published. Given the increasing importance of safe but swift clinical trials in the time of coronavirus, this post outlines the main changes introduced from a data protection perspective and what they mean for contracting parties.

Posted in International/EU Privacy

Making COVID-19 Apps Data Protection Compliant

The role of COVID-19 contact tracing apps in the exit strategy of the current lockdown that is gripping much of the world is increasingly becoming a focus of attention. While that role is being hotly debated, it is very likely that those apps in combination with other measures will be deployed across many countries. Until now and despite the calls by influential bodies such as the European Data Protection Supervisor for a coordinated approach to the development of single COVID-19 mobile app involving the World Health Organization, different countries have adopted their own strategies.

Posted in Health Privacy/HIPAA, International/EU Privacy

Medical Research Council Advises on How to Anonymise Information for Research Purposes

Anonymisation has always been (and still is) a real challenge for those carrying out clinical research. To shed some light on this matter, the Medical Research Council – which is part of UK Research and Innovation – has recently published guidance on Identifiability, anonymisation and pseudonymisation. Although the guidance itself states that it has been developed with the participation of the Information Commissioner’s Office, it is not ICO-approved and so institutes and organisations should be cautious when relying on the criteria set out in the guidance.

Posted in International/EU Privacy

EDPB Advises on Lawful Grounds for Processing Personal Data in Clinical Trials

With the coming into effect of the General Data Protection Regulation (“GDPR”), those conducting clinical trials in the EU face a complex set of rules ranging from lawful grounds for processing and transparency to restrictions on data transfers and secondary uses. To assist with this task the European Commission is in the process of adopting a Q&A document on which it has sought the advice from the European Data Protection Board (“EDPB”).

Posted in International/EU Privacy

Recap on the ICO Stance on Data Security

The UK’s Information Commissioner’s Office is known to prefer an “engaging” rather than an enforcement approach with organisations. However, when looking at the “action we’ve taken” page on the ICO website the ICO’s enforcement activity seems to be increasing by the day. While the ICO has stated that it wants to focus its enforcement efforts going forward on unsolicited marketing, such as nuisance messages and calls, breaches of security requirements have to date attracted the majority of the ICO’s enforcement attention. Therefore, organisations operating in the UK would be well-served to focus on understanding and adhering to the ICO’s expectations for data security compliance.

Posted in International/EU Privacy

PART 10: Enforcement and the Risk of Non-Compliance

One of the major purposes of the Regulation is to ensure a consistent application of data protection law throughout the EU, not only to provide a high level of data protection but also to guarantee legal certainty for businesses when handling personal data. This has presented legislators with one of their biggest challenges: how to maintain the existing network of independent national DPAs, whilst ensuring that they promote a consistent interpretation of the Regulation and minimising the number of different DPAs which a controller has to deal with. It remains to be seen whether they have devised a workable solution. This entry is an excerpt from Hogan Lovells’ “Future-proofing privacy: A guide to preparing for the EU Data Protection Regulation.”