Category Archives: Legal news

Who’s Who Legal 2018: Our Life Sciences Practice in the Top Three!

Who’s Who Legal just published its 2018 rankings, highlighting the leading practitioners recognized “for their excellent work across the full spectrum of life sciences law”.

Our very own Paola Sangiovanni has been recognized among the top three most highly regarded practitioners in the life sciences legal industry in Italy. Here’s what Who’s Who Legal says about Paola:

«The “fantastic” Paola Sangiovanni at Gitti and Partners is “a truly dedicated life sciences expert”, who is considered “a great deal-maker”. Her transactional expertise in the life sciences space is in high demand, thanks to her “client-focused approach and excellent service”».

We are very proud to share such a terrific achievement with our clients and friends, and we would like to thank you all for your continued support!

Italian Data Protection Legislation Is Enacted

Finally (!), the Italian government has enacted a legislative decree that amends the existing Data Protection Code in order to ensure its compliance with the GDPR. Additionally, the Italian legislator has filled the gaps that the GDPR had left to Member States.

Here are the main takeaways in the health area:

  • Processing of health data, genetic data or biometric data requires compliance with specific protection measures (“misure di garanzia”) that will be issued by the Italian Data Protection Authority bi-annually in light of guidelines of the European Committee, of technological developments and in the interest of data circulation within the European Union.
  • Under section 9.2.g) of the GDPR, personal data relating to health can be processed when processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law. The Italian legislator has listed the circumstances under which such substantial public interest exists, i.e., inter alia:
    • administrative activities connected to those of diagnosis, assistance or health or social therapy;
    • obligations of the national health service and of subjects operating in the health area;
    • hygiene and safety tasks to be carried out on the workplace and for safety and health of the population, for protection of the population and to safeguard life and physical integrity;
    • management and assessment of health assistance;
    • social protection of maternity and abortion, addictions, assistance, social integrations and rights of disabled individuals.
  • Data protection rights of deceased individuals may be exercised by those who have act on the basis of an own interest, in protection of the interested person, or for family reasons that are worth of protection, unless – with respect of services of information society – the interested person has expressly prohibited through a written statement the exercise of such rights by third parties. Such statement must be unequivocal, specific, informed and free, and may also relate only to some of the rights. The prohibition must not prejudice the exercise by third parties of patrimonial rights arising from death of the interested person nor the right to judicial defense.
  • The prescription of drugs that do not require the indication of the name of the interested person will be subject to specific measures (misure di garanzia) also in order to control the correctness of the prescription, for administrative purposes and for the purpose of scientific research in public health.
  • Reuse of personal data for purposes of scientific research or for statistical purposes must be previously authorized by the Data Protection Authority, who can set forth conditions for the processing. Reuse of genetic data cannot be authorized. However, processing of personal data collected for clinical activity for the purpose of research by research hospitals (IRCCS, both private and public) is not deemed to be reuse.
  • Processing of health personal data for the purpose of scientific research in the medical, biomedical or epidemiological field without the patient consent is in any case subject to a favorable opinion by the competent ethics committee and a consultation with the Data Protection Authority.
  • Criminal sanctions continue to apply in case of illegal data processing and can be up to 6 years of imprisonment.
  • The Data Protection Authority has 90 days to indicate which of the measures contained in the general authorizations it already adopted are compatible with the GDPR. The ones which are not will cease to apply.

GDPR from Down Under: an Australian Perspective

We have interviewed Dr. Peytee Grusche, special counsel at the Australian law firm Russell Kennedy, to ask about her view on GDPR. Peytee assists clients in the areas of research and development, commercialisation of intellectual property, patent, trade mark and design registration and enforcement.

Do Australian companies care about GDPR, and why?

Yes, Australian companies do care about the GDPR if they have an establishment in the European Union (EU), if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU.  Also, if Australian businesses are recipients of personal data, then they will be caught by the provisions of the GDPR.

Have you seen significant compliance efforts?

We have had clients request advice on their privacy policies in order to update them to include compliance with the GDPR. In particular, where AU businesses are recipients of personal data advice, on standard data protection clauses and binding corporate rules.  Also, we have received instructions for advice on compliance with GDPR in respect of direct marketing practices (mailouts, newsletters etc).

How would you compare the GDPR to Australian data protection legislation?

The GDPR and the Australian Privacy Act 1988 have much in common including the requirement to show that businesses comply with the privacy principles. However, there are some differences under the GDPR which do not appear in the Australian Privacy Act 1988 including a number of rights for individuals.

Under the GDPR, individuals have the rights to erasure, right to data portability and right to restriction of processing.  The Australian Privacy Act does not include the equivalent rights to these new rights. However, it specifies that business must take reasonable steps to destroy or de-identify personal information that is no longer needed for a permitted purpose.  Additionally, where access is given to an individual’s personal information, it must generally be given in the manner requested by the individual.

What is the preferred strategy of Australian companies who face different standards in data protection legislations around the world?

In our experience, Australian companies will try to comply by adopting  an appropriate privacy policy and/or by contractual provisions to include provisions relating to relevant countries.

Thank you, Peytee!

May 25, 2018: Did You Survive the GDPR D-Day?

Last May 25 the GDPR came into force. It was hard not to notice given the inundation of emails that everyone received, as well as the clear signs of burnout in the eyes of GDPR experts.

Here are my personal top 3 takeaways from that experience:

  • The flood of data protection emails received on May 25 showed me how my data had been disseminated all over the place and archived for a really long time. I had some recollection of only a few of those who wrote me to share their most recent privacy policy (and remind me how they deeply, deeply care about privacy!), since many may have bought, inherited or just collected my data a long time ago. It reminded me that those data subjects’ rights are an empowering tool, which I intend to use more frequently in the future.

 

  • The Law (capital “L”) showed its full might and power on May 25, something which surprised even those, like me, who work with legal requirements all day every day. Look at what companies do when you threaten a 4% fine on their worldwide turnover! (Incidentally, this reminded me why politics is important and why people who are indifferent to politics are wrong: this stuff does make a difference in our lives).

 

  • The Italian authorities (mostly the government and parliament) lost yet another opportunity to be helpful to citizens. We had been waiting for a national data protection law for months, but no such law was enacted before May 25. Until that happens, Italians are supposed to assess, for each and every provision of the Data Protection Code, whether or not it conflicts with the GDPR. How practical.

GDPR: do’s and dont’s

Seminario GDPR 03052018

Paola Sangiovanni will be speaking at a seminar on GDPR on May 3, 2018 at Gitti and Partners’ office in Brescia.

The seminar, followed by a reception, will focus on DOs and DONTs for small and medium enterprises in the field of data protection.

While Italians are still awaiting the enactment of a national data protection law that will clarify the relationship between GDPR and the previous privacy legislation, GDPR compliance efforts must nonetheless continue.

Join us in this interesting seminar to find out what should be done and what should be avoided!

Weekend Reading Recommendations

Ready for the weekend? I have these article on my reading list: perhaps you, too, may enjoy some food for thought on some of the hottest topics in the fields of law and innovation:

  • A Layered Model for AI Governance”: https://cyber.harvard.edu/node/100108, on governance for artificial intelligence aimed at ensuring transparency and accountability and addressing massive information asymmetries between the developers of artificial intelligence systems and consumers and policymakers;

 

 

 

Whatever you will be reading, have a great weekend!

New Rules on Continuing Medical Education

The rules on continuing medical education (“CME”) have changed since a new agreement between the Italian government, the Italian Regions and the autonomous provinces of Trento and Bolzano has come into force on February 2, 2018. You may find the new agreement here or here (only in Italian, sorry).

The agreement is an “upgraded version” of the previous principles, which remain largely unchanged, but are now better defined, stricter and hopefully more effective.

  • THE RIGHT TO CME. Health care professionals (“HCPs”) have the right to obtaining CME and regulators will need to remove impediments in order to allow the exercise of such right.
  • ACCREDITATION OF PROVIDERS. As before, providers of CME need to be accredited, but accreditation will be subject to stricter rules, which particularly focus on avoiding any conflicts of interest. Providers will also need to adopt an internal regulation setting forth how to prevent and exclude (even potential) conflicts of interest.
  • SPONSORSHIP OF EVENTS. Sponsorship of CME events will be possible by private companies, provided that the principles of transparency, objectivity, impartiality and independence are complied with. No advertisement of medicinal products or medical devices can be carried out during the CME event, but only before, after and outside the event. No direct payments or reimbursements are allowed to speakers or moderators of the CME events.
  • NO ACCESS TO PERSONAL DATA OF HCPs. On the data protection front, note that sponsors of CME cannot have access to lists and addresses of participants, speakers or moderators.
  • SPONSORSHIP OF HCPs. Lastly, HCPs may be sponsored by commercial firms operating in the health industry, but cannot fulfil more than one third of their CME requirement through such sponsorship. This is bound to change how CME has been handled before, forcing HCPs to bear the cost of at least two thirds of their CME requirements.

Have a great weekend!

Vaccines: the Italian Constitutional Court rules in favor of mandatory vaccination imposed by national law

The polarized debate over vaccines sees the Italian Constitutional Court taking an important step into the discussion, shortly before the last notable rebellion against compulsory vaccination in Italy. Only a few days ago, in fact, the Mayor of Rome, Ms. Raggi (together with the members her Council, unanimously), approved a motion contradicting the mandatory nature of the 10 (originally 12) vaccinations, made compulsory for school-age children by a recently enacted Italian law. Nevertheless, the “rebels” in Rome probably did not take into the appropriate account the decision of the Italian Constitutional Court, which ruled in favor of the vaccines imposition under Italian law.

The Court – in deciding a constitutional challenge brought by the Veneto Region against the imposition of vaccination by the State – explains its views in a straightforward way.

First of all, the Court makes it very clear that, when it comes to vaccines, fundamental health care rights are involved and, to such regard, no difference is constitutionally acceptable between different areas of the Italian territory. In other words, when a healthcare measure is imposed by a national law in the public interest, Regions and local authorities do not have a say about it.

Furthermore, and most importantly, the Court clarifies that – also taking into account the worrisome drop in vaccination rates in recent years – the choice of tightening up legislation to compel vaccinations is not unreasonable.

True, persuasive techniques – such as the ones that Veneto Region would like to implement – can, ideally, represent a better option, but only when the herd immunity result is somehow guaranteed. Conversely, when vaccination rates drop, obligations and sanctions by law – as the California example showed – are not only reasonable (and constitutional), but much more effective.

Well, when the going gets tough, the law gets going. And that’s reasonable, Italian Constitutional Court says.

Take our Quiz on the New MoH Guidelines on Medical Device Advertisement!

On December 20, 2017, the Italian Ministry of Health has issued interesting guidelines on medical device advertisement to the general public, which you can download here (scroll to the bottom of the page).

The new rules describe DOs and DONTs in advertisement on Instagram, YouTube and Facebook and offer interesting indications on the use of a celebrity in the ads.

The basic principle remains the same: advertisement of medical devices that are subject to medical prescription (or may be used only with the assistance of medical personnel) is prohibited by Italian law. When allowed, advertisement of medical devices to the public is subject to authorization by the Ministry of Health.

Take our medical device advertisement quiz to check if you know (or can guess!) what’s new in the guidelines!

  • Can a doctor recommend a medical device in an advertisement to the general public?

No, the Ministry of Health will not authorize such advertisement.

  • What about a celebrity appearing in an advertisement message?

While the mere presence of such individual may be tolerated, no express or implied endorsement of the medical device will be authorized.

  • Can authorized medical advertisement be shared through Instagram?

Yes, but only in the “Stories” section and if users’ comments are de-activated.

  • What about Facebook?

As comments cannot be de-activated, a special disclaimer must be used in order to clarify that the Ministry of Health authorization of advertisement solely covers advertisement, while any further comments are the responsibility of users.

  • Is a medical device company allowed to email advertisement to patients?

Yes, but only if the Ministry of Health has authorized the advertisement and if the patient has expressed his/her consent (always revocable).

Holiday Reading Selection

Dear Readers and Friends,

With Christmas and Boxing days behind, you should have had your share of party time with your family and friends (if not, New Year’s is a good time to catch up).

If you are ready for some quiet time to read some interesting articles in the areas of innovation, health and the law, here is a selection of holiday reading that our life sciences group has prepared for you.

We wish you a 2018 filled with good health, great technology and interesting law!

Warm wishes from

Paola Sangiovanni, Flavio Monfrini, Marco Bertucci and Miriam Postiglione

a.k.a. the GITTI and Partners life sciences team.

**********************************************************************************