We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
Brazil's new regulation on international data transfers
On August 23, Brazil's data protection authority published its International Data Transfer Regulation, providing long-awaited guidelines for cross-border data transfers under the country's General Data Protection Law (LGPD). This regulation outlines new contractual instruments, allowing data controllers to legally transfer data internationally, addressing gaps that previously hindered such activities.
UK proposes 37.2% increase in data protection fees following statutory review
The Department for Science, Innovation and Technology (DSIT) announced a consultation on proposed amendments to data protection fees paid by data controllers to the Information Commissioner's Office (ICO), following a statutory review. The DSIT is proposing a 37.2% increase in fees across all tiers to address rising operational costs, while maintaining the current tiering structure, exemptions, and discounts, and seeking feedback from stakeholders by September 26, 2024.
Australia implements preliminary reforms to the Privacy Act
The much-anticipated reforms of Australia’s Privacy Act of 1988 are on to the legislative phase with the introduction of an initial amendments package to the Parliament of Australia 12 Sept. The first of what is expected to be two tranches of legislative updates mark country's latest step toward modernized privacy protections and business requirements as well as a heightened penalty scheme
Mobile apps are widely used by the French for various activities, but they pose increased risks to data privacy, especially due to access to sensitive information such as location or health data. The CNIL provides recommendations to improve data protection by clarifying the responsibilities of actors in the sector and ensuring that users give informed consent for access to their personal information.
California: AI Transparency Act signed by Governor
California's Senate Bill 942, known as the AI Transparency Act, was signed by California’s Governor Gavin Newsom. The bill mandates that providers of AI systems offer a free detection tool for users to identify AI-generated or altered content, ensuring no personal data is collected or retained from the tool's use. Additionally, the law requires that AI-generated content include clear, permanent disclosures identifying the content's AI origin, which must be upheld even by third-party licensees of the AI systems.
CNIL fines Cegedim Santé for an authorized health data processing
In September 2024, the CNIL fined Cegedim Santé €800,000 for processing sensitive health data without proper authorization. The company had collected pseudonymized, but not anonymized, data from medical software users for studies and statistics, which could lead to re-identification, thus breaching GDPR and France's data protection laws.
Danish data watchdog reports record surge in cases and breaches
The Danish Data Protection Agency (Datatilsynet) reported a record year in 2023, with 18,062 new cases, including 9,537 personal data breach notifications, the highest since GDPR reporting requirements began in 2018. The agency also saw a 28% increase in whistleblower reports, managed 2,271 supervision and complaint cases, and handled 2,889 requests for advice, highlighting its growing role in data protection oversight and education.
The USA's NIST launches a program to tackle cybersecurity and privacy risks associated with AI
On September 19, 2024, NIST launched a new program to manage cybersecurity and privacy risks related to AI, building on its existing AI Risk Management Framework. The program will focus on developing standards, guidelines, and tools to address AI-related risks such as data leakage and AI-enabled cyber threats while also exploring AI's potential to improve privacy management and cybersecurity efforts.
Guidelines for using large language models in regulatory science and medicine regulation
The EMA and HMA have released guiding principles for using large language models (LLMs) in the European medicines regulatory network to help staff understand the benefits and risks of these AI tools. The principles focus on responsible use, including data safety, critical evaluation of outputs, continuous learning, and governance, as part of a broader AI workplan to 2028 aimed at maximizing AI's potential while managing associated risks.
FDA faces the challenge of regulating generative AI in health care
The U.S. Justice Department appointed its inaugural official dedicated to artificial intelligence, addressing the significant impact AI could have on federal law enforcement and the criminal justice system. Jonathan Mayer, a Princeton University professor with expertise in technology and law, has been named as the chief science and technology adviser and chief AI officer, according to the department.
Improving biomarker-based oncology trial matching with large language models
Clinical trials for cancer treatments require precise patient eligibility information, often buried in unstructured text, with genomic biomarkers playing a critical role in matching patients to appropriate trials. A recent study published inS September 2024.
Deepwell DTX secures FDA approval for therapeutic gaming in stress and hypertension
DeepWell DTx has received FDA clearance for its biofeedback software, allowing its video games to be used as a supplemental treatment for stress and hypertension, with potential future applications in PTSD, epilepsy, and more. Co-founder Ryan Douglas explains that gaming can help people manage stress by engaging the brain in a playful state, offering a mental break and fostering positive learning experiences, which could enhance traditional therapies.
SOS médecins gets green light for city health data warehouse
SOS Médecins has received authorization from CNIL to create a city-based health data warehouse (EDS) named "Contact." The EDS will securely store patient data to improve care pathways, especially for unscheduled care. This initiative aligns with a broader national effort to build a health data warehouse for city medicine.
We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
🌎 This month, key updates include Brazil’s introduction of a new SCC-based framework for international data transfers. 📋 The EDPB shared its evaluation of the EU-US Data Privacy Framework. 🤖 Advancements in AI-driven health solutions, such as Sanofi’s Muse for clinical trial recruitment, were also highlighted. 🧬 Discussions focused on genomics privacy, neural data protection, and the transformative role of AI in healthcare and compliance landscapes.
In October, key developments in data privacy, AI, and cybersecurity emerged, including new GDPR accountability guidance for controllers, the introduction of the UK’s Data Bill 2024, and the FDA's call for coordinated AI regulation in healthcare. High-profile data breaches also highlighted vulnerabilities in health data, underscoring the need for stronger, globally aligned privacy standards.
Get up to speed with the latest in data protection regulations and healthtech innovations, including updates from Brazil, the UK, and California, along with advancements in AI-driven healthcare solutions. Plus, explore major privacy enforcement actions and key developments shaping the future of digital health.