Tag Archives: innovation

Processing of personal and health data through apps and online platforms aimed at connecting HCPs and patients: the new digest of the Italian DPA

Legal news, , , , , , , , , , , , , , , , , , , , , ,

On March 2024, the Italian Data Protection Authority (“Italian DPA”) has issued a new digest (“Digest”) relating to the processing of personal data, whether or not concerning health data pursuant to section 9 of the GDPR, carried out through the utilization of platforms, accessible through apps or web pages (“Platforms”), that aim to facilitate connection between healthcare professionals (“HCPs”) and patients.

The use of such Platforms poses high risks to the protection and security of patients’ personal data, and in particular health-related data, given that the latter are subject to an enhanced protection regime set forth by section 9 of the GDPR. 

The Digest seeks to summarize the applicable data protection rules that may be followed, and defines the roles of the parties, as well as the legal bases, applicable to (i) the processing of personal data of the users by Platform’s owners; (ii) the processing of HCP’s personal data by Platform’s owners; and (iii) the processing of health data of the patients by the Platform’s owner and by the HCPs.

Additional guidance is provided as to:

  • The necessity for the Platform’s owner to carry out (and periodically update) a data protection impact assessment (DPIA) pursuant to section 35 GDPR, since the use of Platforms determine a “high risk” processing of personal data, as such kind of treatment automatically meets the criteria issued by the European Data Protection Board for the identification of the list of data processing that may be deemed subject to the duty to perform a DPIA;
  • Which information notices should be provided, by who and to whom, as well as the contents that such information notices should have in each case, according to sections 13 and 14 GDPR;
  • The specific rules applicable to cross-border data transfers and data transfer to third countries.

Lastly, the Digest includes a list of the most common measures that are taken by the data controllers to ensure an appropriate level of technical and organizational measures to meet the GDPR requirements, such as encryption, verification of the qualification of the HCPs that seek to enroll within the Platform; strengthened authentication systems, monitoring systems aimed at preventing unauthorized access or loss of data.

The Digest should be very welcomed by the Platform’s owners, as it now gives a reliable and complete legal frame that may be followed in order to set up a Platform in a way which is compliant with the GDPR principles.

The Data Act: a New European Regulation on Data Sharing in the EU

Legal news, ,

Today, January 11, 2024, marks the entry into force of EU Regulation 2023/2854, better known as “Data Act”.

The new regulation sets forth new rules on B2B and B2C data access and provides a regulatory framework for sharing data generated by the use of connected devices and related services. In addition, the Data Act contains measures to restrain economic operators from abusing contractual imbalances in data-sharing contracts.

The new regulation’s declared goals are to:

  • stimulate a competitive and fair data market;
  • foster data-driven innovation;
  • boost data accessibility;
  • make it easier to switch between data processing service providers;
  • protect data from unlawful transfers;
  • develop interoperability standards for data to be reused between sectors.

Art. 50 of the regulation provides that the new set of rules shall apply from September 12, 2025; however, certain articles, shall apply at a later stage.

GARANTE VS. CHATGPT: LATEST DEVELOPMENTS

Legal news, , , , , ,

1. An Order to Stop ChatGPT

On March 30, 2023 the Italian Data Protection Authority (“Garante”) issued an order by which it temporarily banned the ChatGPT platform (“ChatGPT”) operated by OpenAI LLC (“OpenAI”). The Garante in fact regards ChatGPT as infringing Articles 5, 6, 8, 13 and 25 of the GDPR. In particular:

  • No Information.  OpenAI does not provide any information to users, whose data is collected by OpenAI and processed via ChatGPT;
  • No Legal Basis.  There is no appropriate legal basis in relation to the collection of personal data and their processing for the purpose of training the algorithms underlying the operation of ChatGPT;
  • No Check of User’s Age.  OpenAI does not foresee any verification of users’ age in relation to the ChatGPT service, nor any filters prohibiting the use for users aged under 13.

Given that, the Garante has immediately banned the use of ChatGPT, and OpenAI has blocked the access to ChatGPT to the Italian people.

2. Measures Offered by OpenAI

On April 11, 2023, in light of the willingness expressed by OpenAI to put in place measures to protect the rights and the freedom of the users of ChatGPT, the Garante issued a new order, which opened the possibly to re-assess ChatGPT if OpenAI adopts the following measures:

  1. to draft and publish an information notice to data subjects, which should be linked so that it can be read before the registration;
  2. to make available, at least to data subjects who are connected from Italy, a tool to exercise their right to (i) object, (ii) obtain a rectification, insofar as such data have been obtained from third parties, or (iii) the erasure of their personal data;
  3. to change the legal basis of the processing of users’ personal data for the purpose of algorithmic training, by removing any reference to contract and instead relying on consent or legitimate interest;
  4. to include a request to all users connecting from Italy to go through an “age gate” and to submit a plan for the deployment of age verification tools; and
  5. to promote a non-marketing-oriented information campaign by May 15, 2023 on all the main Italian mass media, the content of which shall be agreed upon with the Italian Authority.

OpenAI has until April 30, 2023 to comply (until May 31, 2023 to prepare a plan for age verification tools). The objections by the Garante have been echoed by other European Union data protection authorities. The European Data Protection Board will be attempting to solve the dispute within two months and launched a dedicated task force on ChatGPT “to exchange information on possible enforcement actions conducted by data protection authorities”

Paola Sangiovanni to Speak on Artificial Intelligence

Legal news, , , , , ,

Our firm will be attending the EMEA Regional Meeting of Ally Law in Malta next week and on Friday November 15th I will be speaking at a panel discussion titled “Keeping an Eye on AI: Ethical and Regulatory Considerations.” 

Artificial intelligence is a hot topic, also in the med-tech field, and poses exciting legal, ethical and regulatory questions. I am sure this will be an interesting opportunity to discuss them with legal and technical experts. 

 

Holiday Reading Selection

Legal news, , , , , , , , ,

Dear Readers and Friends,

With Christmas and Boxing days behind, you should have had your share of party time with your family and friends (if not, New Year’s is a good time to catch up).

If you are ready for some quiet time to read some interesting articles in the areas of innovation, health and the law, here is a selection of holiday reading that our life sciences group has prepared for you.

We wish you a 2018 filled with good health, great technology and interesting law!

Warm wishes from

Paola Sangiovanni, Flavio Monfrini, Marco Bertucci and Miriam Postiglione

a.k.a. the GITTI and Partners life sciences team.

**********************************************************************************

Healthcare, Technology and Malpractice in 2030

Legal news, , , , , , , , , ,

The “Home-Spital” of 2030.

I have enjoyed reading this article on what healthcare may look like in 2030 (in wealthy countries, may I point out). The author of the article says goodbye to the hospital, while welcoming the “home-spital”. She imagines that technology (think driverless cars and robot workers) will help us live in a safer world. Technology will also help preventing certain diseases. Regenerative options will slow down ageing. “You will go to hospital to be patched up and put back on track. Some hospital practices might even go away completely, and the need for hospitalization will eventually disappear. Not by 2030, but soon after”, she predicts.

Healthcare and Technology will be Increasingly Intertwined.

Telemedicine may become so pervasive that hospitals may be empty of patients and filled with patients’ data, continuously fed through wearable patient-monitoring devices or all kinds of sensors. Hospitals may become bio-printing laboratories, where 3D printers will manufacture organs, tissues and bones on demand.

It is somewhat uplifting to imagine that medicine may become so technologically advanced, so personalized and so effective, and health so plentiful. Others, however, warn against the threat of a de-humanized medicine that will solely rely on machines and will be unable to offer a human side to suffering individuals.

Will Technology Render Doctors Error-Free?

While this new world will pose issues of privacy, data security and fraud, will it solve the problem of malpractice? What will be the role of doctors in 2030? Will technology eradicate human error?

Technology is already helping doctors in many ways: drugs, devices, diagnostic instruments are now less harmful, more precise and a lot more effective. Watson computer is assisting oncologists finding the appropriate cure. Simulators helps doctor in their training and in performing surgical procedures. Checklists, protocols and guidelines can be embedded in the doctors’ routine so as to limit, recognize or avoid repetition of human error. We can foresee a world of doctors who follow protocols embedded in devices, leaving less room for deviation from standard practice, but also from mistakes: a computerized doctor, almost. Will this make doctors error-free?

Of Course, Technology can be a Source of Error, too.

The idea of technological devices that are perfectly designed and always perfectly functioning is false, as any product liability lawyer knows. Even the best technology is subject to faulty design of a whole line of products, or faulty manufacturing of a single product.

Malpractice and Product Liability Litigation may Merge in 2030.

Litigation may simply become more complex. In fact, doctors will be sued by patients along with creators of health apps, health data centers, data carriers, device or drug manufacturers, subjects who feed data to 3D printers or who analyze and monitor data processed by devices. It will be increasingly harder to disentangle doctors’ negligence with liability of med-tech, diagnostic or pharma companies. Litigation will rely even more heavily on the opinion of court appointed experts, who will need to be a panel of specialists with bioengineering, medical and information technology skills.

Two classes of doctors will probably emerge, even more distinctively than before: doctors who follow protocols suggested by computers, whose tasks will become closer to those of paramedics, and doctors engaged in research who write protocols that will bind other doctors. The first class will probably see a reduction in its freedom to make medical choices, but may be increasingly shielded from medical malpractice litigation. The protocol-writing doctors will work even more closely with the industry that designs, tests and manufactures medical technology.

Watch Out for the Paradox of Automation!

As this very interesting article (based on an analysis of the 2009 crash of Air France Flight 447, which killed 228 people) suggests, the so called “Paradox of Automation” could come into play. Tim Harford, the author, explains it as follows: “First, automatic systems accommodate incompetence by being easy to operate and by automatically correcting mistakes. Because of this, an inexpert operator can function for a long time before his lack of skill becomes apparent – his incompetence is a hidden weakness that can persist almost indefinitely. Second, even if operators are expert, automatic systems erode their skills by removing the need for practice. Third, automatic systems tend to fail either in unusual situations or in ways that produce unusual situations, requiring a particularly skilful response. A more capable and reliable automatic system makes the situation worse.

Technology that babysits doctors may ultimately weaken their skills. While automated devices may limit small errors, they may “create the opportunities for large ones”.

Conclusions.

Technology surely helps, who could deny that? But a messianic hope that technology will propel us into a risk-free, error-free and… malpractice-free world is a simplistic approach that is plain wrong.

Artificial intelligence and robotics: a report reflects on legal issues

Legal news, , , , , , , , , , , , , , ,

With its report issued on May 31, 2016 by the European Parliament (“Report”), the European Union has stepped into the debate on how to deal with artificial intelligence and robotics (“AI&R”). The ultimate goal of the European Parliament is to set forth a common legal framework that may avoid discrepancies arising from different national legislations, which would otherwise create obstacles to an effective development of robotics.

The Report introduces ethical principles concerning the development of AI&R for civil use and proposes a Charter on Robotics, composed by a Code of Ethical Conduct for Robotics Engineers, a Code for Research Ethics Committees and Licenses for Designers and Users.

Furthermore, the Report suggests the creation of a European Agency for AI&R, having an adequate budget, which would be able to generate the necessary technical, ethical and regulatory expertise. Such agency would monitor research and development activities in order to be able to recommend regulatory standards and address customer protection issues in these fields.

The Report, which recommends to the Commission to prepare a proposal of directive on civil law rules on robotics, illustrates many of the issues that society could face in a few decades regarding the relationship between humans and humanoids. In fact, a wide range of robots already can, and could even more in the future, affect people’s life in their roles as care robots, medical robots, human repair and enhancement robots, doctor training robots, and so on.

A further development that may be concerning for lawyers is connected to the announcement, a few days ago, by the University College London that a computer has been able to predict, through a machine-learning algorithm, the decisions by the European Court of Human Rights with a 79% accuracy. Will this result in a more automatic and predictable application of the law?

In order to secure the highest degree of professional competence possible, as well as to protect patients’ health when AI&R is used in the health field, the Report recommends to strengthen legal and regulatory measures such as data protection and data ownership, standardization, safety and security.

One concern arising from the Report is civil liability arising from the use of robots. Should the owner be liable for damages caused by a smart robot? In fact, in the future, more and more robots will be able to make “smart” autonomous decisions and interact with third parties independently, as well as cause damages by their own. Should such damages be the responsibility of the person who designed, trained or operated the robot?

Some argue in favor of a strict liability rule, “thus requiring only proof that damage has occurred and the establishment of a causal link between the harmful behavior of the robot and the damage suffered by the injured party”.

The Report goes even further by asking the Commission to create a compulsory insurance scheme for owners and producers to cover damage potentially caused by robots and a compensation fund guaranteeing compensation for damages, but also allowing investments and donations in favor of robots.

Exciting times lay ahead of us. It remains to be seen if the current legal principles will be sufficient or if new ones will actually be necessary.

Legal Issues 4.0: what approach suits innovation better?

Legal news, , , , , , , , , , , , , , , , , ,

The fourth industrial revolution is undoubtedly on the bull’s eye of international and domestic economic discussions. To name just one of the major events that recently focused on the Industry 4.0 debate, one could mention the World Economic Forum 2016 Annual Meeting held in Davos on January 20-23 2016, together with its ambitious title: Mastering the Fourth Industrial Revolution.

Indeed, starting from Germany’s Industrie 4.0, European governments have been trying to master the demanding challenges that the fourth industrial revolution brought, taking co-ordinate actions with companies and research institutions in order to attract investments and be more competitive in the global manufacturing scene.

At a glance, Industry 4.0 consists in the transformation – or rather the evolution – of industrial manufacturing based on the new possibilities offered by:

  • The ability of machines, devices and sensors to connect and communicate with each other and analyze/process large amounts of data;
  • The ability of information systems to create a virtual copy of the physical world by enriching digital plant models with sensor data;
  • The ability of assistance systems to support humans by aggregating and visualizing information comprehensibly for making informed decisions and solving urgent problems on short notice;
  • The ability of cyber physical systems to physically support humans by conducting a range of tasks that are unpleasant, too exhausting, or unsafe for humans;
  • The ability of cyber physical systems to make decisions on their own and to perform their tasks as autonomous as possible.

The phenomenon hence embraces many fast-evolving fields such as Robotics, Internet of Things, Big Data and Smart Data.

After Germany, other European as well as oversea governments took actions aimed at exploiting, promoting and fueling with investments the research and development driven by such innovations. The United States started Manufacturing USA and France announced Industrie du Futur, to name just a few of such governmental programs.

Lastly, here in Italy, only a few days ago the Italian government announced the main features of its national Industria 4.0. The plan will make available public investments up to ten billion euro between 2017 and 2020, providing for tax incentives, as well as support for venture capital, ultra-broadband development, education and innovative research centers.

A number of legal issues are raised by the fourth industrial revolution.

  • The first and – one would say – more obvious one, is related to data protection. Intelligent and multi-linked objects continuously collect, generate and transmit data (including personal data) that are processed and analyzed, often across State’s boundaries, by both automated and manual means. It is hence fundamental that data protection laws and regulations offer appropriate legal instruments to control and limit what can potentially become an uncontrolled and automated leakage of personal data.
  • Property law is also at stake. In particular, in relation to non-personal data produced by machines and objects, ownership of such “products” seem to be mainly unregulated, with the exception of some specific instruments subject to database’s Moreover, moving towards more typical IP issues, it is clear that enhanced digitalization and connectivity both bring the risk of not being able to effectively keep trade and industrial secrets, as well as not being able to protect undisclosed know-how and business information.
  • Labour law will have to find instruments in order to manage the potential job loss deriving from automatization and innovation.
  • Product liability and, more in general, the legal framework of civil (and criminal) wrongs will have to face the fact that machines are more and more able to communicate, act and, in a way, “think” autonomously.

Can these challenges be tackled with existing legal instruments or do they require the adoption of tailor-made, brand new solutions?

The legal fields that have been mentioned here are, indeed, varied and do not allow one straightforward answer. Nevertheless, it may be worth noting that pushing for over-specific and unrealistically always-up-to-date legal instruments can be very risky. It can result, in fact, in a never-ending (but always late) frantic chase of fast-pacing technological developments, which can be more effectively tackled by adapting traditional flexible tools.

As it has been recently underlined by a study led by the European Parliament, “many of these issues have a cross-border and even pan-European element, e.g. migration of skilled labour, completing the digital single market and cybersecurity, cross-border research, standards etc”.

Perhaps, the success of the fourth industrial revolution from a legal point of view will largely depend on the ability and willingness to find harmonized and common solutions to global challenges, rather than create over-particular and specific new instruments. From this perspective, the new European Regulation on Data Protection can be seen as an encouraging legislative action providing for flexible but effective tools (such as, for example, data protection by design and data protection by default provisions) within the framework of the harmonizing strength of the European Regulation legal instrument.

Interview with Diana Saraceni of Panakés Partners

Uncategorized, , , , , , ,

This post features an interview with Diana Saraceni, founder and managing partner of PANAKÈS PARTNERS , a venture capital investor that finances medical companies, early stage startup and SMEs in Europe and Israel.

Why does Panakés Partners focus on Med-Tech?

Life sciences, especially Med-Tech, have always been an innovative and growing sector. Improving health conditions is one of the goal of developed countries, and new challenges will always face us. Considering this highly changing environment, start-ups and small companies appears to have the best structure to generate innovative solutions. In Europe there are several areas of excellence in technology and chemistry, the ideal environment where promising Med-Tech start-ups can develop. Moreover, European regulatory system has faster and easier protocols for companies to get CE mark and go to market, especially compared to the American system, where FDA approval requires more efforts, both in economic and clinical terms, to enter the market. Lastly, if we consider that western countries invest, on average, 10% of GDP every year on health services and that medical and pharmaceutical enterprises are the most active in acquiring start-ups, the great opportunity Med-Tech represent for us becomes evident.

What are the specific areas where you expect more growth in the future?

Considering the ageing of population and the need of hospitals to optimize their resources and reduce costs, we expect a great demand for technologies designed for home healthcare and chronic pathologies management. These new solutions will allow patients to receive their treatment directly at their own home, letting hospitals to focus their resources on acute pathologies treatment. Furthermore, we are confident that there will be a significant growth in all technologies aimed to a minimally invasive medicine. We are talking about in vitro diagnostics systems or robot-assisted surgery, which will substitute, or at least reduce, tissue biopsies and traditional surgery. Lastly, we expect a great increase in solutions for personalized therapies. These technologies, which combine genetic profiling to Big Data algorithms, will help physicians in the definition of therapies specifically tailored for every patients, increasing the probability of success.

Which countries appears to have the best factors (in terms of legislation, culture, access to funding and applied research) that helps fostering innovation?

By tradition, Anglo-Saxons countries are the ones with a more innovation-oriented policy. Everyone who has interesting ideas is encouraged in developing them, entrepreneurs never stop to look for new opportunities and skip from one project to another, as if they have not realized anything yet, legislation offers benefits to support the creation of new companies. These are the reasons why realities such as incubators and venture capital funds were born and are widespread in these countries. Regarding the specific case of Italy, we can state that the presence of top-class engineers and the excellence of Italy in clinical research in several areas, combined with lower costs than the other developed countries, are the main factors for the success of many Italian start-ups.

Which challenges lay ahead of you?

We received hundreds of requests of funding from companies all over Europe. Now, our main challenge will be to select the most promising ones, both in terms of proposed technology and feasibility of the project. Furthermore, we need to enlarge our network, in order to reach more companies and to find those ones whith the potentiality to change the status of medicine and build up more success stories out of Europe. We like to think of Panakés as a highly entrepreneurial start-up from a certain point of view, with great opportunities and successes just waiting for us!

 

The last event of our HEALTH INNOVATION ACADEMY is coming up!

Uncategorized, , , ,

On May 21, 2015 our HEALTH INNOVATION ACADEMY series will hold its last event. Join us to hear speakers on the topic of networks for innovation at Via Francesco Sforza 28, Milano (Aula Milani) followed by drinks.

As always, the event is organized in cooperation with the hospital IRCSS Cà Granda – Ospedale Maggiore Policlinico di Milano and with Politecnico di Milano – e-Health LAB – Informatica BioMedica e Sanità Digitale

To find out more about the May 21 program or about HEALTH INNOVATION ACADEMY’s past events, click here: http://healthinnovationacademy.weebly.com/reti-dellinnovazione.html