Hogan Lovells has published Demystifying the U.S. CLOUD Act, a detailed analysis of the impact of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) on non-U.S. businesses and individuals who use cloud storage solutions.
The UK Department of Health and Social Care (DHSC) has published a new policy paper “The future of healthcare: our vision for digital, data and technology in health and care” setting out the UK’s approach to using the best technology available in the National Health Service (NHS) and social care sector to provide better care
Update (9/18/2018): Last week, as the U.S. House of Representatives was reconciling its spending bill for the Health and Human Services Department (HHS) with the amendment package passed by the U.S. Senate that is discussed below, House Republicans declined to adopt S.Amdt. 3964, which would have provided HHS with $1 million to issue rules requiring pharmaceutical companies to list prices
The U.S. Government is renewing its focus on mitigating technological risks by regulating the supply chain for various goods and services. To achieve these goals, Congress and agencies have introduced, and in some cases enacted, legislation and regulations that direct agencies to identify, assess, and mitigate supply chain risks generally as well as prohibit agencies
On 27 December 2016, the Belgian Law of 18 December 2016 concerning various health-related matters (“the Sunshine Act”) was adopted by the Belgian Ministry for Public Health. The Sunshine Act provides that life sciences companies must publically disclose information concerning all pecuniary advantages or benefits in kind granted, directly or indirectly from Belgium or elsewhere,
In June 2015, the Federal Trade Commission (FTC) held a workshop on The “Sharing” Economy: Issues Facing Platforms, Participants, and Regulators. The Commission also solicited public comments on the topic, receiving more than 2,000 comments in response. On 17 November, the Commission issued a report summarizing the issues explored in the workshop and the public comments. The report emphasized that the workshop (and its ensuing summary) was not intended “as a precursor to law enforcement” but “an opportunity to learn more” about this rapidly evolving business model and to aid “the Commission, as well as regulators, consumer groups, platforms, participants using the platforms, incumbent firms, and others” to address the unique issues raised by sharing economy platforms.
On October 4, 2016, the Department of Defense (DoD) issued a Final Rule for DoD’s Defense Industrial Base (DIB) Cybersecurity (CS) Activities program. The rule amends the cyber incident reporting requirements and the voluntary DIB CS information sharing program in 32 CFR Part 236. It will take effect on November 3, 2016.
On Friday, October 21, 2016, the Department of Defense (DoD) issued a final rule implementing changes to its December 2015 interim rule on DoD contractor cyber incident reporting and cloud computing.
Many digital platforms attract consumers and businesses on a global basis. It is a challenge for national regulators to enforce competition law and other regulatory provisions against such international players. Germany´s Federal Minister of Justice, Heiko Maas, argued in a similar way in an interview with the German newspaper Handelsblatt on 5 October 2016.
The commercial drone industry continues to face regulatory challenges as companies strive to use drones to make their operations safer and more efficient. In a positive development this week, there is now hope that Congress may ease some of these regulatory challenges for natural gas and oil pipelines and other critical infrastructure owners and operators.
Energy companies that operate critical infrastructure face regulatory challenges on a daily basis as they strive to provide effective and efficient service safely. Congress may make some of these regulatory challenges less burdensome by lifting restrictions on the use of drones to monitor their assets.
On Thursday, Federal Communications Commission (“FCC”) Chairman Tom Wheeler circulated a highly anticipated broadband data privacy and security Notice of Proposed Rulemaking (“NPRM”) to the other Commissioners, slating the proposals for a full Commission vote at the agency’s March 31 Open Meeting. The rules would apply to internet service providers (“ISPs”), but organizations throughout the
On January 31, 2016, the Silicon Flatirons Center for Law, Technology, and Entrepreneurship at the University of Colorado hosted its annual Digital Broadband Migration Symposium. The theme of this year’s conference was “The Evolving Industry Structure of the Digital Broadband Landscape.” The two-day conference brought together an array of leaders from government, academia, and industry to examine the role of regulatory oversight, antitrust law, and intellectual property policy in regulating industry structure and to discuss what policy reforms may be appropriate for the constantly changing digital broadband environment.
This week the Secretary of State for Health, Jeremy Hunt, announced that the Government will be investing £4.2 billion in digital health initiatives. The investment is part of the Government’s latest drive to create a “paperless” National Health Service (NHS) by 2020. The full details of the funding are still being agreed between the Department
Though the U.S. Department of Health and Human Services Office for Civil Rights (OCR) has told organizations to expect the Phase 2 HIPAA audits soon for almost two years now, it appears that the audits truly are around the corner. Read More: ‘Tis the Season . . . to Prepare for Phase 2 HIPAA
On January 21, 2016, the Federal Energy Regulatory Commission (FERC) issued a final rule adopting seven revised critical infrastructure protection (CIP) Reliability Standards addressing cybersecurity of the electric grid, as initially proposed in July 2015. The revised standards were developed by the North American Electric Reliability Corporation (NERC), the FERC-certified Electric Reliability Organization, in response to FERC Order No. 791.
Over the past month, there have been a number of developments affecting the new DFARS Network Penetration Reporting and Contracting for Cloud Services interim rule (DFARS Case 2013-D018, published in the Federal Register on Wednesday, August 26, 2015, available here). See our previous analysis of the rule here. On Wednesday, November 18, 2015, DoD published
Yesterday we reported on the FAA’s policy shift relating to flights near people. The FAA last week made another quiet change that implicates beyond line of sight operations. While the demand for UAS continues to grow, the FAA’s current requirement that the UAS only be operated within visual line-of-sight of the operator limits the full potential of UAS for many commercial uses. Some of the most promising commercial UAS applications—precision agriculture, powerline inspections, and railroad inspections, to name just a few—necessitate flights beyond visual line-of-sight (“BVLOS”) of the operator to be efficient. “Line-of-sight” flight requires that the pilot can visually see the UAS at all times during the operation, unless another person acting as a visual observer maintains constant visual contact with the UAS.
On November 5, 2015, the Federal Communications Commission Enforcement Bureau announced a $595,000 settlement agreement with Cox Communications, Inc. to resolve an investigation into whether the company failed to properly protect its customers’ personal information when electronic data systems were breached in August 2014. According to the FCC, Cox exposed the personal information of numerous
On 9 October 2015, the China Insurance Regulatory Commission (“CIRC“) issued draft Supervisory Rules for Adoption of Information Technology by Insurance Institutions (“Draft Insurance IT Rules“) for public comment. The public comment period will close on 31 October 2015. The Draft Insurance IT Rules have been issued to replace the 2009 (Pilot) Guidance on Administration
The Federal Trade Commission (FTC) has released a copy of a letter that it sent to PayPal stating that the agency was closing an investigation into potential Telemarketing Sales Rule (TSR) violations by the company. This release provides important insights on how companies can design their user agreements to avoid TSR violations. As background, PayPal
Austin, Texas is renowned for its live music scene, clean air, college vibe … and of course its technology conferences. Two Hogan Lovells Lawyers—Bret Cohen and Lisa Ellman—have made the list of finalists for panels at the South by Southwest group of conferences this upcoming March, to talk about Student Privacy and Domestic Drone Policy.
Highlighting the intersection between government contracts, communications privacy, and class action litigation, the United States Supreme Court recently received a petition for a writ of certiorari asking it to rule on whether derivative sovereign immunity should be extended to a government contractor’s violation of the Telephone Consumer Protection Act (TCPA). The Petitioner, Campbell-Ewald Co., was
The Internet of Things raises new concerns about privacy, security and law enforcement access. Rather than develop new rules for new devices, industry experts convened during the 2014 Winnik International Telecoms & Internet Forum recommended allowing the market to try solve these challenges before the government steps in. In May 2014, the President’s Council of