As part of the Commission’s Digital Single Market Strategy, the European copyright rules are also under review. So far, a rather general communication “Towards a modern, more European copyright framework” as well as a draft regulation on cross-border portability have been published (blog post series). This was in December 2015. Since then, the draft regulation in particular has been subject to controversial discussion. The European Parliament will debate a revised version of the draft in early January 2017. However, the Commission already anticipated a more detailed outline of its plans for the modernization of copyright in Europe. The communication is due in September. That said, just yesterday, a Staff Working Paper was leaked through the British non-profit organization Statewatch. The 182-page document holds an impact assessment on the modernization of EU copyright rules.
Quite interestingly, the Commission analyses several legislative options in order to reform European copyright rules and to make them fit for the digital age. A core element of the paper is a comprehensive impact assessment. The document is basically divided into three areas:
On 3 July 2016 the Russian President signed into law a bill amending the Law on Mass Media and Advertising Law (the “Law”), which restricts foreign ownership in TV audience measurement businesses to 20%.
The Law provides that TV audience measurements may be carried out exclusively by organizations authorized by the Federal Service for Supervision of Communications, Information Technology and Mass Media (the “Roskomnadzor”) which shall submit annual research reports to Roskomnadzor as well as place such reports on their websites (the “Authorized Organizations”). Antitrust restrictions are not applicable to Authorized Organizations and the term of their license is limited to three years.
Authorized Organizations shall be selected by a committee appointed by Roskomnadzor in compliance with a specific procedure before 1 January 2017. Such committee is to include representatives of TV broadcasting organizations.
On August 10, 2016, the Sixth Circuit Court of Appeals overturned a Federal Communications Commission (FCC) Order that had sought to preempt Tennessee’s and North Carolina’s laws restricting local municipalities’ ability to provide broadband service. The Court found that the FCC had exceeded its statutory authority by preempting state laws without clear authorization from Congress.
EDITOR’S NOTE: We are excited to present this entry in our TMT2020 series, which reflects the key technology, media, and telecoms legal issues that are expected to impact today’s organizations and tomorrow’s marketplace. It also provides an opportunity to highlight contributions by TMT associates across our global offices and practice areas.
Today’s smartphones rely on mobile broadband connectivity that is supported in large part by cellular base stations installed on traditional antenna towers. But the smartphones and other connected consumer electronic devices of tomorrow will connect over dense networks using much smaller access points located much more closely to one another than traditional cell phone towers. As network operators consider how, and just as importantly, where to install this new infrastructure, they should consider the benefits of partnering with solar infrastructure manufacturers to incorporate mobile broadband antennas into solar power equipment.
On Wednesday, August 17, 2016, the Future of Privacy Forum (FPF) released a set of detailed guidelines for the collection and use of consumer-generated wellness data. The document, Best Practices for Consumer Wearables & Wellness Apps & Devices, was drafted by FPF with input from a wide range of stakeholders, including privacy advocates, companies, and regulators. The Best Practices guidelines set forth a Fair Information Practice Principles (FIPPs)-based trust framework that builds on existing legal expectations to provide a set of best practices designed to provide appropriate protections in light of the nature and sensitivity of the data.
Although much of the information collected and used by wearables and other wellness technologies is already subject to legal protections—for instance, COPPA, HIPAA, the FCRA, or the ADA—some health information and tools may fall outside of these laws and are not covered by specific sectoral protections. According to the FPF, these Best Practices are designed to address such gaps and to add more specific guidance where general privacy statutes may apply to health and wellness apps and devices.
On June 21, 2016, the State Council issued the Guiding Opinions on Promoting and Regulating the Development of the Application of Healthcare Big Data (“Guiding Opinions”). The Guiding Opinions declare that healthcare big data is a fundamental, strategic national resource; recognize that its development will have a significant impact on healthcare and medical treatment; and formulate programmatic plans for development goals, key tasks, and an organizational framework. Given the Guiding Opinions’ embrace of digitization, the use of data, and information sharing, we expect that a foreseeable campaign to promote the development of big data in the healthcare sector is ahead of us, and that we might see evolutionary or even revolutionary changes occur in the healthcare sector.
What is “big data in healthcare”?
Big data in healthcare refers to the aggregation of multiple aspects of healthcare-related information covering the full life-cycle of a large constituency of people, including personal health, medical services, disease control and prevention, food safety, and health preservation, among other things.
A new report from the Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) highlights data protection gaps in the U.S. for health data from wearable devices, social media, and emerging technologies. The report, “Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA,” identifies several areas in which privacy and security protections for health data have lagged behind technological developments that are expanding the collection of health data outside the traditional venues for health care. The report notes that HIPAA’s rules for protecting the privacy and security of health information were designed to protect data held by health care providers and health plans and do not extend to many mHealth technologies sold directly to consumers (e.g., wearable health sensors and apps on smartphones and tablets) or social media, which includes websites and apps on which individuals are encouraged to voluntarily share information about their health. Both categories fall outside of what the report refers to as “traditional health care organizations” regulated by HIPAA.
HHS acknowledges that health data not covered by HIPAA is not entirely without protection. The agency highlights protections offered by the Federal Trade Commission (FTC) and state data protection laws. The FTC protects health data by prohibiting “unfair or deceptive acts or practices” in violation of section 5 of the FTC Act and enforcing the FTC Health Breach Notification Rule, which covers consumer health data contained in online tools that help consumers manage their own health information, known as personal health records (PHRs).
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is taking an aggressive stand on HIPAA enforcement and targeting violations related to security risk assessments and business associate agreements. Three resolution agreements posted in the last month make clear that the agency expects entities subject to HIPAA to take appropriate steps to secure their data, regardless of the size or type of the entity.
Holding Business Associates Accountable for HIPAA Security Rule Compliance
OCR announced on June 29 that the Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) agreed to a $650,000 settlement and corrective action plan for potential HIPAA violations after the theft of an iPhone compromised the health information of more than 400 nursing home residents. This resolution agreement marked the first time that OCR entered into a settlement with a business associate directly.
CHCS operated as a business associate to six skilled nursing facilities, providing management and information technology services. The iPhone stolen from CHCS was unencrypted and not password protected, even though it stored extensive information including social security numbers and detailed medical information. OCR highlighted in its press release that CHCS had not completed a risk analysis or risk management plan, had no policy for the removal of mobile devices containing PHI from its facility, and had no security incident response plan. In the settlement, CHCS agreed to develop and implement the necessary policies and procedures to secure personal health information, including on mobile phones, as part of its two-year corrective action plan.
Thank you to everyone who tuned into our webinar “Privacy Shield: What You Need to Know.”
In this complimentary webinar, Julie Brill, Tim Tobin, and Bret Cohen of Hogan Lovells’ Washington office, and Eduardo Ustaran of our London office explored:
- What do companies need to do to sign up to the Privacy Shield?
- How do companies demonstrate compliance with the Privacy Shield principles?
- What will it take to move from Safe Harbor to Privacy Shield?
- What are the pros and cons of Privacy Shield as compared to other EU cross-border transfer mechanisms?
- What is the long-term viability of Privacy Shield?
To access a copy of the slide deck, click here.
To access the recorded webinar, click here.
Stay tuned to the blog for future updates, including any interpretations or next-steps guidance from the European data protection authorities, the U.S. Department of Commerce, or the Federal Trade Commission.
On July 25, 2016, Hogan Lovells hosted a Silicon Valley dinner as part of its 2025 dinner series. The theme of the dinner was “I’m from Mars, You’re from Venus: The Tech Community and its Future Relationship with Government”. The discussion, moderated by Deirdre Mulligan of UC Berkeley, focused on the tech community’s view of regulatory, law enforcement and national security issues, here in the U.S., as well as in Europe; and how the tech industry will be impacted by the upcoming U.S. elections as well as Brexit.
Deirdre Mulligan, Neal Katyal and Julie Brill guided discussions with Silicon Valley tech leaders around three themes:
Policy through Design: the FBI vs. Apple case (amicus brief available here) highlights the issue of technology design as an attractive new battleground for disputes about which public values to prioritize. The concerns center around whether government should regulate use of technology or the technology itself. In the past, choices about which values to promote in public policy have largely focused on governing systems and their use: the regulation of technology. Today, and in the future, regulators increasingly seek to build in value preferences through technological form: policy by design. The problem now is that multiple government agencies are seeking to bend technology to support competing priorities. Law enforcement and national security agencies have actively sought to constrain privacy and security features of the technical artifacts upon which we rely to ensure ready access to data and easy monitoring to support law enforcement investigations and prosecutions. At the same time, privacy and consumer protection regulators around the globe have demanded “privacy by design” – the notion that information privacy, and now information security, inform the design and modification of computer and information systems, including digital networks and devices.