Photo of Mark Barnes

On July 9, 2024, the White House Office of Science and Technology Policy (“OSTP”) issued highly anticipated final guidelines setting forth a framework under which academic research institutions must establish and operate formal research security programs (the “Final Guidelines”).1 These final guidelines will be critically important to research operations at universities, academic medical centers

The Courts of Justice of the European Union (CJEU) held in its July 2020 Schrems II decision that, in order for entities in other countries to import personal data from the European Economic Area (EEA), the importer must be able to provide data protections ‘essentially equivalent’ to those the EEA offers under its General Data Protection Regulation. The CJEU expressed particular concern that United States’ national security intelligence gathering laws prevent U.S.-based entities from providing such protections. This decision has sharply limited the sharing of clinical research data from the EEA to the United States. After describing the pertinent aspects of the Schrems II decision, this article evaluates U.S. national security intelligence gathering frameworks, including Section 702 of the Foreign Intelligence Surveillance Act and Executive Order 12333. The article then leverages recent draft guidance from the European Data Protection Board to explain how entities may be able to adopt widely used contractual and technical measures, such as data pseudonymization, to provide ‘essentially equivalent’ protections in the clinical research context.
Continue Reading Demystifying Schrems II for the Cross-Border Transfer of Clinical Research Data

BillA group of Republican Senators have introduced a new privacy bill that would impose strict privacy obligations on contact-tracing apps operated by entities not subject to HIPAA. Most notably, the COVID-19 Consumer Data Protection Act of 2020 would obligate such entities to obtain express affirmative consent from individual consumers before using their geolocation, proximity, or personal health data.
Continue Reading Pandemic Privacy: Republican Senators Announce Plan to Introduce COVID-19 Consumer Data Protection Act of 2020

The recent novel coronavirus (COVID-19) outbreak has caused significant disruption to the global economy, and it has the potential to create a lasting impact on the business operations of companies worldwide.  We are advising our clients on several legal issues related to the situation, including workplace safety, data protection and business continuity, supply-chain disruption and more, as well as offering counsel in connection to specific challenges faced in various industries.

This list of frequently asked questions and answers provides some initial guidance on how to navigate and mitigate the challenges posed by events related to the coronavirus.Continue Reading COVID-19 FAQs