In this episode of Serious Privacy, K Royal and Paul Breitbarth provide an update on recent happenings in both Europe and the US, some of which are surprising and the other makes no waves across the ocean.
First, an unexpected agreement on the ePrivacy Regulation by the EU Members States. This does not mean that the regulation is passed - on the contrary, the Parliament and the European Commission are nearly at polar opposites. They will now enter what is called the “trialogue” where the various parties have to reach an agreement. The ePrivacy Regulation has been in discussion for years with the original intent to enter into effect alongside the EU General Data Protection Regulation (GDPR), but alas, such did not happen.
Meanwhile, there is not a draft adequacy decision for the United Kingdom - there are two. In a never-before-seen event, the EU Commission issued two draft decisions - one for the GDPR and one for the law enforcement directive. The European Data Protection Board will now issue an opinion, which is not binding. However, the interim agreement for trade between the EU and UK will expire June 30, 2021 and cannot be extended. So a decision must be made.
On the other side of the ocean, the US is seeing some movement in the Health Insurance Portability and Accountability Act (HIPAA), which does not happen often. Current proposed revisions include proposed enhancements to patient rights, but two other recent happenings include 1) a law passed (HR7898) to provide a cybersecurity safe harbor if a practice has implemented cybersecurity practices and 2) a recent safe harbor for cybersecurity tech donations. Further, they briefly reviewed enforcement waivers due to COVID 19 that have been issued by the Department of Health and Human Services.
As always, if you have comments or feedback, please contact us at [email protected].