All posts by Paola Sangiovanni

About Paola Sangiovanni

Partner of GITTI and Partners. Seasoned transactional and regulatory legal counsel with a thorough understanding of the life sciences industry.

EU Policies for the Digital Age

Confused about the Digital Service Act, the Digital Markets Act, the Data Governance Act and the Data Act? My recent article tries to make sense of all of them:

https://www.mondaq.com/italy/data-protection/1195638/an-overview-of-the-european-union-laws-and-policies-for-the-digital-age

The article also explains that the European Union has a strong vision on principles and policies for the digital age and aspires to a worldwide leadership role in the governance of digital phenomena.

3.5 Million Fine for Excessive Pricing Imposed on Pharma Company by Italian Anti-Trust Authority

On June 6, 2022 the decision of the Italian Anti-Trust Authority sanctioning Leadiant Biosciences was published. The investigation, which started in 2018, was concluded with an administrative sanction of over 3.5 million for abuse of dominant position.

The Italian Anti-Trust Authority held that the price negotiated with the Italian medicine agency (AIFA) was excessive and unfair on the basis of the following elements:

(i) Leadiant is a monopolist on the market and its orphan drug based on chenodeoxycholic acid (CDCA) is life saving;

(ii) Leadiant intentionally pursued a complex strategy aimed at increasing the price of CDCA;

(iii) Through an exclusive supply agreement with the only reliable supplier of CDCA, Leadiant blocked any galenic manufacturing of CDCA by hospitals;

(iv) Leadiant artificially differentiated CDCA from another drug (a cheaper medicine based on the same active substance as CDCA used off label since it had a difference therapeutic indication); and

(v) Leadiant intentionally delayed negotiations with AIFA, which ended up lasting 2.5 years.

The anti-trust investigation concluded that the drug price was (a) disproportionate compared to the aggregate costs incurred and (b) unfair given the nature of the product, the investments in research and development, the risk of registration and its added therapeutic value.

The above decision taken by AIFA is still subject to appeal by Leadiant. At the same time, anti-trust authorities in Belgium and Spain are investigating Leadiant’s conduct, while the Dutch authority has already issued a sanction.

The European Health Data Space

On May 3, 2022 a Proposal for a Regulation on the European Health Data Space has been published. The proposed European Health Data Space draws from the premise that access and sharing of health data within and across Member States is difficult due to the complexity and divergence of rues, structures and processes. The European Health Data Space aims at harnessing the power of health data for people, patients and innovation by pushing towards health data science that will transform public health and foster innovation, while empowering individuals to take control of their health data. This proposed legislation is also a product of the Covid-19 pandemic, where the role of up-to-date, reliable and FAIR health data (i.e., data that is based on principles of Findability, Accessibility, Interoperability and Reusability) have been key in responding to the crisis and developing cures and vaccines. The ultimate goal is to build a European Health Union[1] that would strengthen resiliency of health systems and deliver to each Union citizen.

The European Health Data Space Communication supports both primary and secondary use of health data. With regard to primary health data, patients will have their health data available through access points established by Member States, but connected through a cross-border digital infrastructure, will be able to control and share their health data and mandatory requirements on interoperability, security, safety and privacy will apply. Electronic health record systems are subject to mandatory self-certification schemes, which must comply with essential requirements related to interoperability and security. The European Health Data Space promises to “make continuity of care across EU a reality[2].

Secondary use of data (i.e., health data used for research, innovation and public health) will also be supported by a European framework. Permit to use the data will obtained by health data access bodies, designated by Member States, which will establish how the data will be used and for which purposes (charges may apply), but always requiring closed secure environments, anonymous or pseudonymised data and transparency in their use. The platform HealthData@EU will facilitate cross border studies.

Governance of the European Health Data Space will be up to a new body, named European Health Data Space Board, chaired by the Commission. The Communication does not forget that investments in digitalization are costly and has made available 810 million euros to support the European Health Data Space.

Benefits of the European Health Data Space are expected for citizens, health professionals, researchers, regulators and policy-makers and for the industry.


[1] Bucher, A. (2022) ‘Does Europe need a Health Union?’ Policy Contribution 02/2022, Bruegel

[2] See page 12 of https://ec.europa.eu/health/publications/communication-commission-european-health-data-space-harnessing-power-health-data-people-patients-and_en

CAN COMPLIANCE BE AUTOMATED?

If you are working in the field of compliance, you know how grueling the compliance process can be. Rules need to be decided, written, communicated to employees and third parties, who need to be trained on such rules. Then, the company needs to find out if the rules have been breached and sanction those who breached them. This is how law works in general, so the various phases of the process are not surprising. It is also a largely imperfect method, which can become overly complicated in companies where internal rules are pervasive and complex.

Wouldn’t it be wonderful if the whole process could be governed by digital means? And I am not talking about placing all your compliance material in one big digital repository (something obviously useful, but not inherently changing the nature of the process). Imagine a company built on the principle of compliance-by-design, where the behavior of employees is limited by external tools that simply do not allow non-compliant conducts. (For example, if you place digital limits on banking payments, you will not need to convince employees that they cannot exceed certain payment limits, since the digital code would directly enforce such payment thresholds and the only way to circumvent them would be to hacker the banking program.)

Certain Scholars have seen in blockchains an opportunity for compliance programs and organizational models pursuant to legislative decree 231/2001. Under 231 Italian legislation an entity is punished for not having set up sufficient organizational measures to prevent the commission of a certain crime: in theory, a digital prevention system may be an ideal tool to prevent crime commission with the utmost diligence. If you look for automated solutions online, you will find heaps of offers that promise that compliance will be made easy: the RegTech phenomenon is already well established and generating huge revenues.

I am generally a fan of innovative solutions, but I question how much effort is required in translating compliance information into digital rules. As anyone who deals with artificial intelligence may confirm, the process is generally neither quick nor cheap.

I also wonder whether the field of compliance, based on ethical principles, and therefore inherently human centric, can benefit from a full digitalization. Some have warned against the risk of “brutalization of a workplace relations and worry that digital compliance systems “imitate predictive policing”.

Compliance requires sophisticated human judgment, and 0/1 binary codes are not always appropriate to automate complex decisions on human interactions based on ethical principles.

New Rules on Non-Profit Studies

Non-profit clinical studies have a new source of regulation: the Ministry of Health November 30, 2021 decree (“Non-Profit Decree”), repealing the December 17, 2004 decree.

The Non-Profit Decree applies to:

  • low-intervention clinical trials;
  • observational trials;
  • non-profit clinical trials provided that the following conditions apply:
    • The trial is not aimed at industrial or commercial developments of drugs;
    • The sponsor is a non-profit entity (if non-profit and profit sponsors coexist, then the trial falls outside the scope of the Non-Profit Decree);
    • The sponsor does not have title to the marketing authorization of the trial drug, nor has any economic relationships (cointeressenze) with the marketing authorization holder;
    • Data and results of the trial, as well as decisions over their publication, are exclusively of the sponsor.

The main novelty of the Non-Profit Decree is the possibility that sponsors of non-profit trials transfer the relating data and results, both in the trial phase and once the trial is completed, for registration purposes. Such transfer must be governed by a contract between the promoter and the transferee, the consideration of which is identified by a patent consultant jointly identified by the parties.

In the event of a transfer:

  • The transferee becomes the data controller of the trial data;
  • Costs associated with the trial, as well as fees due to AIFA and the competent ethics committees, which were waived in light of the non-profit status of the trial, must be paid; and
  • The proceeds of the transfer are allocated in favor of the sponsor (50%), a non-profit trial fund (25%) and a an AIFA fund (25%).

The transfer must be notified by the promoter to AIFA, the competent Ethics Committee and the trial centers involved.

The Non-Profit Decree also sets forth that observational studies require prior approval by the competent ethics committee and that AIFA will adopt new guidelines for the classification and conduct of observational studies on drugs.

In case of any non-profit trial on a study drug, the pharmaceutical company having title to the drug must share with the sponsor an updated copy of the drug dossier and any safety data on the trial drug must be shared between the pharmaceutical company and the sponsor.

The Non-Profit Decree opens new opportunities for non-profit sponsors: it remains to be seen if there will be an appetite to purchase data by private entities and if a price set forth by an independent expert will be an effective mechanism.

Re-Use of Research Data

It may now be easier for private companies to re-use research data generated by the public sector. Thanks to Italian legislative decree no. 200 of 2021 implementing Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information, re-use of research data – whether for commercial or non-commercial purposes – may be carried out so long as intellectual property rights and privacy rights are respected.

In other words, if research data is anonymized and does not include intellectual property, free re-use is possible whenever such research data is generated from public funding and made available by researchers or research institutions through public data bases. Research data must comply with Findability, Accessibility, Interoperability, Reusability (FAIR) principles.

What is “research data”? Research data means “documents in a digital form, other than scientific publications, which are collected or produced in the course of scientific research activities and are used as evidence in the research process, or are commonly accepted in the research community as necessary to validate research findings and results”.

Are you in need of an example? “Research data includes statistics, results of experiments, measurements, observations resulting from fieldwork, survey results, interview recordings and images. It also includes meta-data, specifications and other digital objects. Research data is different from scientific articles reporting and commenting on findings resulting from their scientific research” (whereas no. 27 of the 2019/1024 Directive).

Certain scholars have pointed out how the principle of scientific open data is framed in terms that are too restrictive and continue to clash with intellectual property rights, database and algorithm protection.

While the push for reuse of research data may appear timid at this point in time, the EU seems in any case determined to continue its open data agenda through the Data Governance Act.

Only 1 Week until Go Live of EU-Wide Clinical Trials Information System

Remember the Clinical Trials Regulation? Much time has passed since its publication in 2014. No worries if your memory fails you: we have discussed the Clinical Trial Regulation at length in this article appeared on the Indian Law Journal of Law and Technology. If you prefer a shorter summary, you may read here what the European Medicines Agency has prepared for you.

The actual entry into force of the Clinical Trials Regulation depended on confirmation of full functionality of the Clinical Trials Information System (CTIS) through an independent audit, which occurred on April 21, 2021. Now, the go-live date for the CTIS will be on January 31, 2022. Information on the go live planning can be found here.

The Clinical Trials Regulation was born to address the prior directive’s shortcomings, and particularly to target the goals of harmonization and simplification in this field, also with a view of making Europe a competitive region in the global clinical trials market. Good luck to the CTIS: we hope the Clinical Trials Regulation keeps its promises!