In this Newsletter
Regulations & Guidelines
Proposed American Privacy Rights Act clears US House subcommittee
On May 23, the U.S. House Committee on Energy and Commerce Subcommittee on Data, Innovation, and Commerce approved the updated American Privacy Rights Act (APRA) draft by a voice vote, advancing it to the full committee. The revised bill, released 36 hours before the markup session, includes significant changes from the initial draft introduced in April.
Italy’s revised approach to consent collection
With the reform of Article 110 of the Privacy Code, medical researchers are no longer required to submit their research projects and related impact assessments for prior consultation when informing participants is impossible, would involve disproportionate effort, or could seriously compromise study results. Instead, they must comply with specific guarantees provided by the Data Protection Authority.
US Biosecure Act
U.S. lawmakers have added more Chinese biotech and medtech companies to the list of firms posing national security risks, aiming to prevent them from doing business with the U.S. On April 3, 2024, the House’s Select Committee on the Chinese Communist Party recommended several companies, including Innomics and Axbio in California, be added to the Pentagon's list, citing potential military affiliations and undisclosed ties to BGI Genomics.
Nebraska becomes latest state to join US privacy landscape
On April 17, 2024, Governor Jim Pillen signed the Nebraska Data Privacy Act (NDPA) into law, making Nebraska the 17th state to enact such legislation. The NDPA, which includes provisions for risk assessments and various consumer rights, mirrors many of the privacy laws passed in 2024. The law will be enforced by the Attorney General and will take effect on January 1, 2025.
EDPB launches French and German versions of its Data Protection Guide for small business
The Guide offers practical GDPR compliance information to SMEs in accessible language, featuring videos, infographics, and interactive tools to aid understanding. It covers data protection basics, data subject rights, and security measures, with plans to be available in 15 additional European languages soon.
Update on France’s Health Data Hosting Framework (HDS)
Version 2 of the HDS standards strengthens data sovereignty requirements by mandating physical data location within the European Economic Area (EEA), and promotes transparency about the risks of data access from outside the EU. It also clarifies the scope of hosting activities, reinforces transparency of hosting providers, and integrates certain updates from the ISO 27001:2022 standard.
New German Health Data Use Act - "Act on Data Utilization in Healthcare"
Germany has recently enacted the "Act on Data Use in Healthcare," aimed at advancing the healthcare system into a data-informed model and promoting research. The legislation establishes a central data hub for secure health data access and sets penalties for data misuse, emphasizing privacy and innovation.
Data Privacy Enforcement
UnitedHealth CEO attributes Change Healthcare cyberattack to lack of multifactor authentication
UnitedHealth CEO Andrew Witty testified before the U.S. Senate that the company, which owns Change Healthcare, is still determining why a server lacked additional protection, allowing hackers to launch a ransomware attack that disrupted payment and claims processing nationwide. UnitedHealth paid a $22 million ransom, is rebuilding its platform, and is providing free credit monitoring and identity theft protection, while an investigation continues into whether protected health information was exposed.
BetterHelp customers to receive refund notices following 2023 FTC privacy settlement
Around 800,000 individuals will receive notifications about refund eligibility due to a 2023 settlement between BetterHelp and the FTC. This is in response to BetterHelp's alleged use and sharing of consumers' health data with third parties for advertising purposes, without proper consent and data use restrictions.
Artificial Intelligence
US Senate AI working group releases roadmap
The U.S. Senate working group has released a 31-page roadmap for AI, prioritizing innovation and recommending investment of at least $32 billion per year while focusing on existing regulations rather than new explicit guardrails. The document encourages bipartisan legislative efforts, particularly around privacy laws, transparency requirements, and safeguarding personal data, aiming to maintain U.S. leadership in AI and ensure broad benefits for all Americans.
AI deployment: German DPAs issue guidance on data protection compliance
On 6 May 2024, the German data protection authorities (“DPAs”) issued an extensive guidance paper on the GDPR-compliant deployment of artificial intelligence (“AI”) applications. The guidance offers valuable direction for businesses on selecting, implementing, and effectively utilizing AI applications.
The dangerous game of customizing Large Language Models (LLMs)
Recent research from institutions like the University of California, Mount Sinai, and Mass General Brigham reveals that while large language models (LLMs) are increasingly used in healthcare, they sometimes complicate rather than simplify doctors' workloads. These studies highlight issues such as premature deployment leading to errors, the need for thorough testing despite the hype, and persistent challenges in applications like generating diagnostic codes and operating patient chatbots.
Medical forecasting
Multimodal AI has the potential to revolutionize medicine by integrating diverse data sources to more accurately assess risks, such as for Alzheimer’s disease. By combining blood biomarkers, genomic data, retinal imaging, electronic health records, wearable biosensor data, and environmental exposures, AI can identify high-risk individuals years before symptoms appear, enhancing early intervention and treatment development. Medical forecasting, like weather forecasting, is in the works.
Data Governance
European Health Data Space: Revolutionizing health care, scientific research in the EU
The European Parliament adopted the European Health Data Space (EHDS) regulation, with EU member states expected to approve it soon. As part of the EU's 2020 "Strategy for Data," the EHDS aims to unlock vast amounts of existing data for research and innovation while ensuring compliance with data protection laws, with similar data spaces planned for agriculture, finance, and mobility.
Biotech & Healthtech
Google’s 24 startups transforming healthcare with AI
Google AI's AI for Health Program has selected its newest cohort of 24 startups from Europe, the Middle East, and Africa. These startups are leveraging AI to enhance healthcare and advance medical research as part of the Growth initiative. Their applications include patient monitoring for specific conditions such as diabetes and psychiatric diseases, early detection of pathologies like cancer, telemedicine, and more. The expansion of AI applications in healthcare is just beginning.
Major AlphaFold upgrade offers boost for drug discovery
Google DeepMind and Isomorphic Labs unveiled the newest version of AlphaFold, taking its flagship AI model far beyond predicting the structure of a single protein. AlphaFold 3 can now predict a range of complex biological structures that include virtually any biomolecules, including proteins, DNA and RNA strands, and small molecules. A new Nature research paper shows AlphaFold 3 producing more accurate predictions than both traditional and AI methods for structures showing how proteins interact with ligands, nucleic acids and other proteins.
Apple pushes into clinical trials with new FDA nod for Apple Watch
Apple Watch’s Atrial Fibrillation History feature became the first digital tool qualified under the Medical Device Development Tools (MDDT) program. Released in 2022, the feature estimates a user’s A-fib burden, or how much time they spend in atrial fibrillation, which is an irregular heart rhythm that can cause shortness of breath and fatigue, and is also linked to an increased risk of stroke.
Health Apps and software development kits (SDKs)
Mobile apps that fail to uphold adequate data practices have been a recurring concern dating back at least to 2014 when whistleblower Edward Snowden revealed the popular gaming app Angry Birds and others like it engaged in the surreptitious collection and disclosure of personal information. A decade later, issues over leaky apps have come to a head in the wake of increased scrutiny over one long-used tool: the software development kit.
Video, Podcasts & Books
- French Senate Hearing Featuring Mistral CEO Artur Mensch
- Decoding Pathology for Precision Medicine with Maximilien Alber from Aignostics
- Inside the EU AI Act negotiations: A discussion with Laura Carol
Our monthly readings:
- Espionner, Mentir, Détruire. Comment le Cyberespace est devenu un champ de bataille
- The Idea Factory: Bell Labs and the Great Age of American Innovation
iliomad's News
Vivatech 2024!
We attended Vivatech 2024 and here’s a quick recap of our experience:
- Sanofi delivered a compelling presentation on structuring their responsible AI approach and deploying this technology across various business areas. This is a significant focus for many of our clients, especially Biotechs and Medtechs utilizing AI and seeking partnerships with major pharmaceutical companies.
- Pasqal’s CEO gave an insightful talk on the current state of quantum computers. It was fascinating to learn that companies are already investing in qubit computers to explore industry applications, with Aramco recently partnering with Pasqal.
- Generative AI was a hot topic, and it was surprising to see several Legaltech companies in attendance—an area clearly in need of more innovative solutions.