Category Archives: Legal news

Ethics Guidelines for Trustworthy Artificial Intelligence

The perception of digital innovation is changing. The initial enthusiasm is now being replaced with a more cautious, at times skeptical, approach. If you are familiar with Shoshana Zuboff’s views on Surveillance Capitalism or, more locally, the concerns voiced by Antonello Soro, Chairman of the Italian Data Protection Authority, on the use of data, you may now be starting to question how much actual good will humanity derive from unbridled innovation.

The good news is that the European Union continues to be at the forefront of a human-centric approach to technology so that innovation can be responsible and sustainable. The GDPR, which came into force about a year ago, has brought the focus to the fundamental right to data privacy, reminding all stakeholders that the human being remains at the center of any digital innovation.

Last month the Independent High-Level Expert Group in Artificial Intelligence set up by the European Commission has issued interesting Ethics Guidelines for Trustworthy AI. The document clearly indicates that AI should lawful, ethical and robust in order to be trusted, and trustworthy. AI systems must be based on fundamental rights such as respect for human dignity, freedom of the individual, respect for democracy, justice and the rule of law, equality, non-discrimination and solidarity, and citizens’ rights. Ethical principles of respect for human autonomy, prevention of harm, fairness and explicability must be respected and any tensions between them must be duly balanced. Privacy and data governance, transparency, diversity, non-discrimination and fairness are also important requirements of the realization of trustworthy AI systems.

In conclusion, the guidelines state that “AI systems will continue to impact society and citizens in ways that we cannot yet imagine. […] Our goal is to create a culture of “Trustworthy AI for Europe whereby the benefits of AI can be reaped by all in a manner that ensures respect for our foundation values: fundamental rights, democracy and the rule of law.”

Takeaways from the EU Pharmaceutical Law Forum in Brussels

I really enjoyed attending and speaking at the EU Pharmaceutical Law Forum in Brussels this week. The event offered a number of insights into the legal challenges faced by the life sciences industry in an ever-evolving regulatory landscape. These are the main takeaways from the conference:

#1: Clearly, the political climate is not favorable to pharma and med-tech companies. A number of measures have been proposed at various levels that would significantly decrease the incentives to innovation that companies currently enjoy. Such proposed measures range from halving the term of protection for orphan drugs exclusivity to compulsory licensing of drug patents, from incentives to drug compounding by pharmacies to mandatory price reductions. The general public and the media continue to have a negative perception of the industry and the regulatory framework appears to be evolving in a restrictive way.

#2: Despite the uniform letter of GDPR throughout the Member States, interpretation of data protection rules continues to be very different throughout Europe. This is especially clear in the field of clinical trials, where there is a patchwork of legal solutions that makes it impossible to multinational corporations to adopt a consistent approach. The recent EDPB opinion on the legal basis for processing of data deriving from clinical trials has further shown that there has been a shift away from consent as the legal basis for the processing, but some countries (like Germany, Italy and Spain, for example) continue to find it hard to accept such a shift.

#3: EU harmonization is expected to occur in the coming years in a number of areas, such as off-label use, artificial intelligence and health technology assessment.

#4: Compliance efforts must be continued, but it is clear that formal compliance is not sufficient to shield a company from risks, especially reputational risks. Even when compliance safeguards are in place, the approach to reputational risks must be perfectionist, as pointed out by Ms. Alice Cabrio, compliance officer at Roche S.p.A.

Enjoy your weekend, and do not forget to celebrate the GDPR’s first birthday!

Paola Sangiovanni Will Speak in Paris on May 17

The Institut du Risk & Compliance is hosting a conference in Paris in mid May that promises to be very interesting for life sciences companies. The program will give an overview of the current legislation on anti-corruption and transparency per country.

Paola Sangiovanni will be leading a workshop titled “Ethical needs of life sciences: between statutory obligations and self-regulation“.

Have a great start of the week!

 

Clarifications on the Processing of Health Data by the Italian Data Protection Authority

The Italian Data Protection Authority has provided clarifications on the processing of health data by means of a note issued on March 7, 2019.

On the basis of section 9.2 letter h) and section 3 of GDPR, the Authority has indicated that healthcare professionals who are subject to a duty of confidentiality (or other professionals also subject to confidentiality obligations) will no longer require consent of the patient in order to process data for the purpose of providing healthcare services.

Processing of personal data beyond what is necessary to provide healthcare services will, instead, continue to require the patient’s express consent. Consent is required, for example, for the use of medical apps, for any use of personal data for marketing purposes and for the inclusion of data in electronic health records.

In any case, the patient must receive information about how her/his data will be processed (including the duration of the data processing). The Data Protection Authority clarified that such information must be concise, transparent, intelligible and easily accessible, using simple and clear language. For hospitals processing data in complex ways, the Authority suggests that information is given to interested data subjects and when necessary (mass information to all is not a good idea).

Lastly, the Authority notes that the appointment of a Data Protection Officer is required in case of large scale processing of health data, which occurs in hospitals (regardless of their public or private nature), but does not apply to individual medical professionals, pharmacies or orthopedic firms. The keeping of a register of processings, instead, remains a key requirement and a basic element of accountability and risk management in any case of health data processing.

A summary of the Authority’s clarifications can be found here.

New Grounds for Exclusion of Contractors from Public Tender Procedures

Italian Law Decree no. 135 of December 14, 2018, titled “Urgent provisions on support and simplification for businesses and public administration” (so called “Decreto Semplificazioni”), which this blog already discussed here, has also an impact on the Public Contracts Code (Legislative Decree No. 50/2016).

Inter alia, section 80 of the Public Contracts Code on “Grounds for exclusion” has been amended and three new type of circumstances triggering exclusion have been established:

  • exclusion from participation in the tender procedure when “the contracting authority demonstrates by appropriate means that the economic operator has been guilty of serious professional offenses, such as to make his integrity or reliability questionable “; (letter c)
  • exclusion from the tender when “the economic operator has attempted to unduly influence the decision-making process of the contracting authority or obtain confidential information for the purpose of its own benefit or provided, even by negligence, false or misleading information likely to influence the decisions on exclusion, selection or award, or omitted the information required for the proper conduct of the selection procedure“; (letter c-bis)
  • exclusion also in the further case where “the economic operator has demonstrated significant or persistent deficiencies in the execution of a previous public contract that have caused the termination of the contract due to non-compliance or a judgment ordering damages or other comparable sanctions ” (letter c-ter).

With specific reference to this latter c-ter), we note that it has modified the previous provision according to which among the serious professional offenses there are “significant deficiencies in the execution of a previous public contract that have caused the termination of the contract, not challenged in court, or confirmed as a result of a judgment (..)“.

Therefore, according to the new art. 80, par. 5, let. c-ter) of the Public Contract Code, a candidate may be excluded from the public tender in the presence of a previous contractual termination with a public authority, even if challenged in court and still pending before the judge. The point has also been recently confirmed by the sentence of the T.A.R. Marche-Ancona, January 15, 2019, n. 32.

Agreement Reached on the European Copyright Directive

An agreement has been reached on the much discussed European Directive on copyright. http://europa.eu/rapid/press-release_IP-19-528_en.htm. In a race against time to close the dossier by the end of the legislature, in the late evening of February 13, the Parliament, the Commission and the Council of the European Union have finally found an agreement on the copyright directive, which this blog already illustrated https://lawhealthtech.com/2018/09/24/copyright-european-legislation-getting-ready-for-the-digital-era/ .

The vice president of the European Commission immediately tweeted «Europeans will finally have modern copyright rules fit for digital age!». Supporters insist that the new provision will guarantee rights for users, fair remuneration for creators and clarity of rules for platforms. On the other hand, the opposition, stronger than ever before, wants to prevent the imminent change of the internet as we know it.

The highest expectations, placed on the trilogue, concerned the much debated articles 11 and 13, and these have reported to be the outcomes:

  • With regard to the publishers rights, the new version of article 11 sets forth a general need to get a license for the online use of publishers’ press publications, with the only exception for the use of «individual words or very short extracts». According to the Commission, mere hyperlinks and snippets are, therefore, not included in the reform. However, how short should be a “very short extracts” is still to be understood.
  • With regard to the use of protected content by online content sharing services provider, online platforms should obtain a preemptively authorization from the right holders, concluding licensing agreements (where online platform is defined as «a provider of an information society service whose main or one of the main purposes is to store and give the public access to a large amount of works or other subject-matter uploaded by its users which it organizes and promotes for profit-making purposes»). Indeed, an exception has been created for small online platforms, which will not be subject to the abovementioned obligation if they: have been available to the public for less than three years; have an annual turnover below 10 million of euro; and have less than 5 million of visitors.

In the other cases, if no authorization is granted, sharing services providers shall be liable for unauthorized acts of communication unless they demonstrate not only to have made the best efforts to obtain the authorization, but also, in accordance with high industry standards of professional diligence, to have made the best efforts to ensure the unavailability of specific works, as well as to have acted expeditiously to remove the content, after receipt of a notice from the right holders.

We will see if the agreement will survive until the finishing line or if the vote of the European Parliament, scheduled for March-April, will block the text once again, as, unfortunately, already happened.

What the Implant Files Are Not Telling

The investigation.  The “Implant Files” is a global investigation carried out by reporters in 36 countries under the lead of the International Consortium of Investigative Journalists (https://www.icij.org/investigations/implant-files/). The project, which attracted significant worldwide attention over the last few weeks as articles and reports were published, purported to show how the medical device industry failed to place on the market safe products and ultimately harmed a significant number patients.

Regrettably the way the investigation has been reported by several media outlets and the conspiracy theories underlying certain articles leave the readers without a clear understanding of the issues on the table and the policies behind the current regulatory framework.

The approval process.  For instance,  while the investigation was conducted globally, many articles published by European consortium members focused their attention on the lack of a centralized authorization procedure for the marketing of medical devices in the EU and argued that a loose regulatory framework enabled manufacturers to sell unsafe devices on the European market.

The absence of a centralized marketing authorization procedure for medical devices in Europe is depicted as a failure of European lawmakers, influenced by the medical device lobby. However, none of the articles reporting on the investigation provides readers – who may not be familiar with the authorization process – a clear and complete picture of the rationale and public healthcare policies behind the current regulatory framework. Most notably, the Implant Files investigation fails to explain the benefits for patients of a faster launch of innovative devices on the market. Neither they show any meaningful and documented difference in terms of patient safety between the EU and the US, where a centralized authorization procedure administered by the FDA is in force. The fact that the investigation concerns the US as much as the rest of the world is probably a good indication that the type of approval procedure does not per se guarantee patients’ safety and an effective healthcare system.

The new regulation.  As to the timing of the investigation, it comes at a moment of transition when the new EU medical device regulation has already been enacted but has not yet begun to unfold its innovative potential in the industry.  Yet, the Implant Files investigation seems to assume that the new regulation will have no impact on the industry and the approval/vigilance system as a whole. The investigation does not really delve into the changes and improvements brought by the new regulation, which has in fact already addressed many of the issues raised by the Implant Files. Among such innovations, new and improved vigilance measures and an increased accountability for notified bodies should be certainly taken into consideration.

Further, the investigation neglects the public discussions and exchanges that occurred throughout the EU (and the world) in the years that preceded the enactment of the new regulation, when the truth is that its provisions have been at the center of the public healthcare discourse for years, have been debated among experts, stakeholders and lawmakers in full transparency, have been reported by newspapers and specialized media. The alleged “scoop” seems a few years late.

The current vigilance system.  Lastly, one of the major flaws of many articles reporting on the investigation is that they give readers the idea that no meaningful vigilance system exists today. This is of course not correct. Italy, for instance, has a long-standing nation-wide register of approved medical devices marketed in its territory kept by the Ministry of Health. The same Ministry transparently shows on its website all safety notices and field actions carried out in Italy. The tool is easily searchable and can be found on the very first page of the medical device directorate’s site. 

Not only the Implant Files investigation failed to accurately report the existing vigilance and transparency measures, but created their own medical device database, allegedly aimed at providing the public with full access to data submitted by patients and reporters. 

Does the Implant Files investigation really benefit patients?  At the moment one cannot but wonder if this project really does provide patients with complete, accurate and independent information that can be useful for their health and wellbeing.

Is a public database, entirely managed by a private consortium, really empowering patients? How the database is managed, how the uploaded information is vetted and updated, for which purposes the uploaded information can be used by patients? Shouldn’t we work on improving a public, transparent system, managed by officers and professionals who have the scientific and regulatory expertise that is needed to address all issues involved, rather than building on a new, uncontrolled and unaccountable tool that could potentially distort patients’ behavior? The media would do a better service to the public opinion by giving a balanced, informative and articulate picture of the facts, rather than spreading sensationalistic news that would make anyone with an implanted device panic (and click on the article!).

 

Therapeutic cannabis in Italy: business opportunities

Italy’s only authorized medical cannabis facility is currently controlled by the military. However, the production site, located in the Florence area, cannot keep up with the increasing demand, creating shortages for patients and barriers to its prescription by physicians (whose patients are unlikely to be able to obtain the quantities needed).

As Colonel Modica of the Italian Military recognizedThe health ministry and the defense ministry are trying to fix the shortfall because there’s been a huge increase in cannabis prescriptions and the number of patients who need them”.

Meanwhile, pressed by the patients’ associations, the Italian Health Care Ministry Giulia Grillo announced not only the increase of import of therapeutic cannabis products from the Netherlands (to cover the short-term shortages), but also the start of a longer-term project, eventually leading to the creation of a public-private partnership for the production of cannabis. “An invitation to present expressions of interest will be published in order to increase the production of therapeutic cannabis“, Ministry said. Although underlining that an appropriate time frame will be needed in order to implement the project, the Ministry confirmed that the cannabis production activity is “of great interest for both the Defense and the Public Health Care” and crucial in order to satisfy the increasing needs of both domestic and foreign markets.

The increase in the domestic production of therapeutic cannabis, along with the overall demand for it, appears to be inevitable.

On the other hand, the boom of “light cannabis” products in Italy (i.e., containing THC in a percentage lower than 0.2 and, therefore, expressly declared legal in Italy starting from January 2017) seems to have encountered some obstacles lately.

The Advisory Board of the Italian Health Care Ministry (Consiglio Superiore di Sanità) issued a report last spring, recommending the adoption of measures aimed at prohibiting the sale of light cannabis products.

In addition to that, an internal note of the Ministry of Home Affairs, recently made public, promoted a zero-tolerance approach and a strict application of the relevant laws and regulations. Such steps have caused great uncertainty and concerns amongst those who have invested in what came to the media’s attention in 2017 as a State-backed business.

Hence, the latest developments relating to therapeutic cannabis in Italy indicate that new business opportunities for both exporters and producers of cannabis-based prescriptions are likely to be offered in the Italian market. Conversely, serious questions can be raised in connection to the light-cannabis boom, in view of the inconsistent approach recently taken by Italian authorities.

Tax Crimes Will Trigger Criminal Liability of Corporate Entities

As a result of the so called “PIF Directive”, starting from July 2019 criminal corporate liability under Italian law 231 may be triggered by tax crimes, too.

(If you are not overly familiar with the principles of Italian 231 legislation on criminal liability of corporate entities, perhaps you may start here.)

Under Italian 231 law, corporations are subject to criminal (rather, quasi-criminal) liability when certain specific crimes are committed in their interest or to their advantage. So far, such crimes have never included tax crimes, although the issue had been widely debated and several court decisions had attempted to combine other types of crimes with tax crimes (the Supreme Court had always disagreed, though).

Now, the PIF Directive, which Member States must implement by July 6, 2019, “establishes minimum rules concerning the definition of criminal offences and sanctions with regard to combatting fraud and other illegal activities affecting the Union’s financial interests, with a view to strengthening protection against criminal offences which affect those financial interests.” Liability of legal entities must be foreseen by national legislation and serious offenses against the common VAT system must be punished.

The Italian legislator will thus need to introduce such serious VAT crimes (i.e., having a value in excess of 10 million euros) in the list of crimes triggering corporate liability. This, in fact, may open the door to other tax crimes as a basis of 231 liability of corporate entities.

ECJ on the Applicability of Public Procurement Rules

I have been asked to comment on the European Court of Justice decision of October 18 relating to the application of public procurement rules to a drug supply arrangement between a privately owned hospital and a public hospital.

The decision can be found here and the full article here.