In May 2022, the European Commission published a proposal to establish a European Health Data Space (“EHDS”). The Commission’s EHDS proposal aims to improve access by individuals to their health data (primary use) and facilitate the re-use of health data for societal good across the European Union (secondary use). The European Commission’s aim is to adopt the EHDS by the end of its current mandate (October 31, 2024). The European Commission expressed its hope that the provisions of the regulation will enter into force across all EU member states in 2025. Businesses operating in the health and pharma sectors should therefore carefully consider how the EHDS might affect them.

Continue Reading Health Data: European Commission Proposes new Rules on Access and Use

The much-debated Markets in Crypto-Assets (MiCA) Regulation is expected to enter into force in early 2023. MiCA is intended to close gaps in existing EU financial services legislation by establishing a harmonized set of rules for crypto-assets and related activities and services. Among other things, MiCA imposes restrictions on the issuance and use of stablecoins.  It’s part of a broader digital finance package, which, inter alia, also includes the Digital Operational Resilience Act (DORA) and the DLT Pilot Regime Regulation (which itself will start applying on March 23, 2023).

Continue Reading EU Markets in Crypto-Assets Regulation Enters into Force Soon

Tokenization is the process of taking real-world assets and having them represented by digital tokens that can be traded on a blockchain. Tokenization can be a valuable tool for automating business processes and facilitating investment in fractional portions of an asset. However, the success of any tokenization project depends on the laws applicable to the asset being tokenized and the terms and conditions governing the project. Contrary to what some might think, rights in the asset represented by a token do not generally transfer to a buyer on the sale of the token.

Continue Reading Tokenization, Ownership and Intellectual Property Rights

On 28 September 2022, the European Commission adopted proposals for two directives adapting non-contractual civil liability rules to artificial intelligence (“AI”). The proposed AI Liability Directive aims at targeted harmonization measures on civil liability for AI among the EU member states. The revised Product Liability Directive proposes adaptations to the producer’s no-fault (strict) liability for defective products that have caused damage to health or property or loss or corruption of data.

Continue Reading EU Commission Proposes New Liability Rules on Products and AI

On 7 August 2021, Germany formally ratified the Agreement on a Unified EU Patent Court (“UPC Agreement“). The ratification came after battles in recent years over the constitutionality of the ratification bill. In 2017, the German ratification was put on hold because a constitutional complaint had argued that the German law approving the UPC Agreement was passed without the required quorum of the German Parliament. After the German parliamentarians fixed their mistake and approved the draft law with a two-thirds majority on 26 November 2020, the ratification was Continue Reading Germany Ratifies EU Unified Patent Court (UPC) Agreement, but Prospects for the UPC Remain Uncertain

The German legislature (Bundestag and Bundesrat) has passed a bill that will change German patent law. The bill will enter into force soon. Under the new law, injunctions in patent infringement cases will be restricted by proportionality considerations in individual cases. Further, stronger procedural safeguards will become available for the disclosure of confidential information during patent infringement proceedings. Continue Reading Germany Passes Law to Restrict Injunctive Relief in Patent Cases by Proportionality Considerations

On 21 April 2021, the European Commission proposed a new, transformative legal framework to govern the use of artificial intelligence (AI) in the European Union. The proposal adopts a risk-based approach whereby the uses of artificial intelligence are categorised and restricted according to whether they pose an unacceptable, high, or low risk to human safety and fundamental rights. The policy is widely considered to be one of the first of its kind in the world which would, if passed, have profound and far-reaching consequences for organisations that develop or use technologies incorporating artificial intelligence.

Continue Reading The European Union Proposes New Legal Framework for Artificial Intelligence

On 13 April 2021, the European Data Protection Board (“EDPB“) adopted two opinions  (“Opinions“) concerning draft UK adequacy decisions published by the European Commission which would permit the free flow of personal data from the European Economic Area (“EEA“) to the UK in the post-Brexit world. The Opinions largely support the draft UK adequacy decisions and represent a positive step towards adoption of formal UK adequacy decisions. Nonetheless, organisations which transfer personal data from the EEA to the UK should continue to monitor the developments and keep planning for the possibility that the adequacy decisions, if adopted, could Continue Reading European Data Protection Board Issues Opinions on European Commission’s Draft UK Adequacy Decisions

In an increasingly interconnected world, preserving the free flow of data across borders is crucial to the prosperity of businesses operating in every industry. But over the last year, there have been a number of important data protection developments in Europe that have a direct impact on the supply chain and distribution arrangements operated by organizations. These developments are restricting the ways in which businesses can share personal data within their organizations and with counterparties internationally. They include: Continue Reading Data Protection Developments in Europe – Supply Chain and Distribution

A decision issued on 15 March 2021 by the Bavarian Data Protection Authority (“BayLDA”, publication pending) is the first German enforcement action in connection with last year’s decision of the Court of Justice of the European Union (“CJEU”, “CJEU’s Decision”) on the validity of the European Commission’s Standard Contractual Clauses (“SCCs”) and the EU-US Privacy Shield (C-311/18, more information available in our client alert). In the CJEU Decision, the court held that a transfer of personal data from the EU to third countries outside the European Economic Area (“EEA”) under the EU Standard Contractual Clauses will be permissible Continue Reading German Data Protection Authority Decides on Supplementary Measures for International Data Transfers