Newsletter #25

Latest Newsletter

Newsletter #5
Switzerland’s new Federal Act on Data Protection (FADP), effective September 2023, aligns with the GDPR but introduces unique requirements like appointing local data protection representatives. The EU-U.S. Data Privacy Framework faces potential legal challenges reminiscent of its predecessors, raising questions about its durability. In cybersecurity, healthcare remains a prime target for malware and vulnerabilities, with reports highlighting risks in medical devices and the MOVEit software breach affecting millions. Meanwhile, initiatives like the U.S. Digital Health Security project and the proposed U.S. PET Research Act aim to strengthen healthcare data security and promote privacy-enhancing technologies, reflecting the growing urgency for robust protections in the health and AI sectors.

Newsletter #4
The EU-U.S. Data Privacy Framework introduces provisions for clinical trials, emphasizing patient consent and transparency, while U.S.-based organizations must self-certify their compliance to participate. Rising health data privacy regulations in the U.S. and innovations like MIT’s privacy-preserving AI techniques and synthetic data strategies aim to balance data protection and utility. Cybersecurity incidents, including the MOVEit attack affecting U.S. health institutions and HCA Healthcare’s data breach impacting 11 million individuals, highlight ongoing vulnerabilities. Enforcement actions, such as the FTC’s ban on BetterHelp for sharing sensitive health data, underline the need for strict compliance and ethical data practices in the evolving privacy landscape.

Newsletter #3
The Nevada Health Data Privacy Act and the EU Data Act highlight evolving efforts to regulate data access, sharing, and privacy, with specific focus areas like healthcare and industrial data. AI governance progresses with updates to the AI Act, addressing high-risk applications and impact assessments, while international cooperation, such as the Atlantic Declaration and the EU-WHO digital health partnership, fosters innovation and privacy-enhancing technologies. Meanwhile, enforcement actions like the FTC’s case against genetic testing company 1Health and ransomware attacks on biotech firms like Enzo Biochem underline the critical need for robust data protection measures in both regulatory and operational practices.

Newsletter #2
The EU continues to advance its regulatory framework with the Clinical Trials Information System (CTIS) enhancing transparency in clinical trials and the AI Act establishing obligations for AI developers and users. Digital health technologies, like wearable sensors and decentralized trials, are rising in prominence, but challenges such as the digital divide and privacy concerns persist. Enforcement actions, including the French Supervisory Authority’s fines against Doctissimo for GDPR and cookie violations, and the EU court’s prudent stance on compensation for data breaches, highlight the increasing scrutiny and accountability surrounding data privacy and security in healthcare and beyond.