Privacy legislation was passed and implemented in the European Union, but the picture in the U.S. is pockmarked by state legislation, a scenario that raises concerns about a fractured and impracticable compliance regime.
Privacy considerations have been front and center for U.S. federal government agencies for more than two decades, but several states have jumped into the privacy arena with their own legislative imperatives. While companies in the medical device industry would like to see a less imposing thicket of related enforcement requirements, Nancy Perkins of Arnold & Porter LLP said there is little prospect that Congress will relieve the predicament with anything resembles preemptive legislation.
The U.S. Federal Trade Commission (FTC) reported a settlement with San Francisco-based 1Health.io Inc. for allegations that the consumer gene testing company failed to properly secure customers’ data, an oversight that will cost the company only $75,000 in fines.
As biopharma and med-tech companies grapple with restrictive data privacy laws in the EU and China while trying to meet the demand for greater diversity reflective of the U.S. population, there’s been more of an interest in conducting clinical trials in the U.S., Stacy Amin, a partner at Morrison & Foerster LLP, told BioWorld.
As biopharma and med-tech companies grapple with restrictive data privacy laws in the EU and China while trying to meet the demand for greater diversity reflective of the U.S. population, there’s been more of an interest in conducting clinical trials in the U.S., Stacy Amin, a partner at Morrison & Foerster LLP, told BioWorld.
Data privacy laws are springing up more regularly in the past couple of years, including in several U.S. states, but Congress seems inclined to step in to avoid a patchwork of regulations across the 50 states. The House Energy and Commerce Committee gave a ringing endorsement of new legislation via a 53-2 vote for H.R. 8152, a bill that would largely preempt the growing list of state privacy laws, but makers of health apps and other digital products might eventually be subject to private litigation under the terms of the bill.
As a growing roster of nations moves to protect individual genomic and other health data in the name of privacy under the General Data Protection Regulation in the EU and similar laws elsewhere, chief aggregators of such data, drug developers, are struggling.
As a growing roster of nations moves to protect individual genomic and other health data in the name of privacy under the General Data Protection Regulation in the EU and similar laws elsewhere, chief aggregators of such data, drug developers, are struggling.
In a span of a mere two years, the state of California passed two ballot initiatives dealing with privacy that promise to have an impact on digital health, the second of which created an office specifically for privacy enforcement matters. Eric Goldman, a professor of law at the Santa Clara (California) University School of Law, said on a recent webinar that the state attorney general’s office and the new California Privacy Protection Agency (CPPA) have overlapping jurisdiction, and as a consequence, companies doing business in California may find themselves at the mercy of not one, but two enforcement entities.
Device makers may see privacy legislation in California and other U.S. states as a source of regulatory balkanization, but that very same problem is cropping up in the international arena. In addition to the European General Data Protection Regulation (GDPR), privacy requirements are popping up in Brazil and elsewhere, and Eric Bowlin, a partner at Deloitte Risk & Financial Advisory, told attendees on a virtual symposium that the best approach might be to base a compliance program on general principles.
