Tag Archives: regulation

Regulation On Space Activities Under Parliamentary Examination

Legal news, , , , , , ,

When it comes to human activities in space, a paradigm shift is currently taking place. Government authorities, instead of operating on their own, increasingly opt for the development of multiple forms of interaction with private operators, while the latter are keen to invest to ultimately conduct space activities in partial independence from governments. The involvement of private actors in space missions is led by technological progress and by the view of space as an economic asset.

This phenomenon implies the need for new regulations, shaping the peculiarities of the relationship between governments and private entities, while avoiding any overregulation that would constrain a rising market. The matter is, in fact, sensitive:

1) States – while wishing to interact with private entities and boost the “space economy” – are bound by international treaties and agreements.

2) Private entities need a clear delimitation of the perimeter in which they can profitably intervene, with legal certainty on the allocation of responsibilities. 

3) States and private entities ultimately need each other to harness the inherent potential of space economy. 

Today, space laws regulating the relationship between States and private operators have been adopted by more than 40 countries. Generally, States opt for an authorization system either for specific missions or for a fixed period of time.

Italy still lacks a relevant specific discipline, being merely part of international treaties regulating states’ access to outer space and space resources.

Additionally, section 189 of the Treaty on the Functioning of the European Union excludes the possibility of any harmonization of laws and regulations of EU member states in space-related policies. Thus, member states must ultimately rely on their own forces to regulate the space economy.

The good news is that Italian Parliament is currently examining a legislation, proposed on September 10, 2024, potentially able to fill the regulatory void

Specifically:

  1. the regulation would apply to space activities carried out both by operators of any nationality in Italian territory and by Italian national operators outside Italian territory;
  2. the relevant space activities virtually concern all possible extra-atmospheric human activities and are subject to authorization issued by the Government, which may involve a single space activity or several space activities of the same type or several interrelated space activities of different types;
  3. issuance of authorization is subject to objective (safety of space activities, resilience of infrastructure and, interestingly enough, environmental sustainability) and subjective criteria (including having an insurance contract and financial soundness). However, the Government’s power to deny authorization is broad and highly discretionary: authorization is in fact denied if space activity is detrimental to national interests or if there is any link between the space operator and non-democratic states.

The proposed regime for the allocation of liabilities provides for a liability of the operator for damages caused to third parties on the earth’s surface as well as to aircraft in flight and to persons and property on board of such aircraft. The liability is excluded only if the operator proves that the damage was caused exclusively and maliciously by a third party – unrelated to the space activity – and that could not have been prevented.

Furthermore, the Italian Government will be entitled to exercise a right of recourse against the space operator who caused damage to persons or property.

Will Parliament consider this framework enough to get the ball of space economy rolling? Stay tuned for the parliamentary progresses of this piece of legislation.

Processing of personal and health data through apps and online platforms aimed at connecting HCPs and patients: the new digest of the Italian DPA

Legal news, , , , , , , , , , , , , , , , , , , , , ,

On March 2024, the Italian Data Protection Authority (“Italian DPA”) has issued a new digest (“Digest”) relating to the processing of personal data, whether or not concerning health data pursuant to section 9 of the GDPR, carried out through the utilization of platforms, accessible through apps or web pages (“Platforms”), that aim to facilitate connection between healthcare professionals (“HCPs”) and patients.

The use of such Platforms poses high risks to the protection and security of patients’ personal data, and in particular health-related data, given that the latter are subject to an enhanced protection regime set forth by section 9 of the GDPR. 

The Digest seeks to summarize the applicable data protection rules that may be followed, and defines the roles of the parties, as well as the legal bases, applicable to (i) the processing of personal data of the users by Platform’s owners; (ii) the processing of HCP’s personal data by Platform’s owners; and (iii) the processing of health data of the patients by the Platform’s owner and by the HCPs.

Additional guidance is provided as to:

  • The necessity for the Platform’s owner to carry out (and periodically update) a data protection impact assessment (DPIA) pursuant to section 35 GDPR, since the use of Platforms determine a “high risk” processing of personal data, as such kind of treatment automatically meets the criteria issued by the European Data Protection Board for the identification of the list of data processing that may be deemed subject to the duty to perform a DPIA;
  • Which information notices should be provided, by who and to whom, as well as the contents that such information notices should have in each case, according to sections 13 and 14 GDPR;
  • The specific rules applicable to cross-border data transfers and data transfer to third countries.

Lastly, the Digest includes a list of the most common measures that are taken by the data controllers to ensure an appropriate level of technical and organizational measures to meet the GDPR requirements, such as encryption, verification of the qualification of the HCPs that seek to enroll within the Platform; strengthened authentication systems, monitoring systems aimed at preventing unauthorized access or loss of data.

The Digest should be very welcomed by the Platform’s owners, as it now gives a reliable and complete legal frame that may be followed in order to set up a Platform in a way which is compliant with the GDPR principles.

A New European Digital Identity

Legal news, , , , , , ,

On March 26, 2024 the Council adopted a new framework for a European digital identity (eID).

Background. In June 2021, the Commission proposed a framework for a eID that would be available to all EU citizens, residents, and businesses, via a European digital identity wallet (EDIWs). The new framework amends the 2014 regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS regulation n. 910/2014), which laid the foundations for safely accessing public services and carrying out transactions online and across borders in the EU. According to the Commission, the revision of the regulation is needed since only 14% of key public service providers across all Member States allow cross-border authentication with an e-Identity system.

Entry into Force.  The revised regulation will be published in the EU’s Official Journal and will enter into force 20 days after its publication. The regulation will be fully implemented by 2026.

Digital Wallets.  Member States will have to offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving license, bank account). Citizens will be able to prove their identity simply using their mobile phones.

EU-wide Recognition.  The new EDIWs will enable all citizens to access online services with their national digital identification, which will be recognised throughout the EU. Uses of EDIWs include: opening a bank account, checking in in a hotel, filing tax returns, storing a medical prescription, signing legal documents.

The Right to Digital Identity.  The fundamental purpose of the regulation is to establish the right to a digital identity for Union citizens and to enhance their privacy.

Main features of EDIWs.  According to the new regulation:

• the use of EIDWs shall be voluntary and shall be provided directly, under mandate or recognition by a Member State;

• EDIWs shall enable the user to (1) securely request, store, delete, share person identification data and to authenticate to relying parties; (2) generate pseudonyms and store them encrypted; (3) access a log of all transactions and report to the national authority any unlawful or suspicious request for data; (4) sign or seal by means of qualified electronic signatures; (5) exercise the rights to data portability.

Privacy.  Privacy will be safeguarded through different technologies, such as cryptographic methods allowing to validate whether a given statement based on the person’s identification data is true without revealing any data on which that statement is based. Moreover, EDIWswillhave a dashboard embedded into the design to allow users to request the immediate erasure of any personal data pursuant to Article 17 of the Regulation (EU) 2016/679.

MDR: the Postponement to 2021 is Official

Legal news, , , , , , , , ,

On April 24, 2020 the new Regulation (EU) 2020/561 officially entered into force, postponing the date of application of most Medical Devices Regulation (MDR) provisions to May 26, 2021. The final text of the regulation can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32020R0561&from=EN.

The postponement was approved unanimously and was considered unavoidable since the outbreak of the covid-19 pandemic in early 2020 made it very clear that businesses, notified bodies and regulators would not be ready in time for the entry into force of the MDR requirements in May 2020.

The European Commission noted, with some relief, that  “this postponement takes the pressure off national authorities, notified bodies, manufacturers and other actors so they can focus fully on urgent priorities related to the coronavirus crisis” (https://ec.europa.eu/growth/sectors/medical-devices_nn).

While the postponement might have been triggered by the covid-19 pandemic, there is no doubt it now gives regulators and the industry alike the chance to remedy the delays that have accumulated over the past few years, with the hope that they will come prepared to the new deadline of May 2021.

What the Implant Files Are Not Telling

Legal news, , , , , , , , , , , ,

The investigation.  The “Implant Files” is a global investigation carried out by reporters in 36 countries under the lead of the International Consortium of Investigative Journalists (https://www.icij.org/investigations/implant-files/). The project, which attracted significant worldwide attention over the last few weeks as articles and reports were published, purported to show how the medical device industry failed to place on the market safe products and ultimately harmed a significant number patients.

Regrettably the way the investigation has been reported by several media outlets and the conspiracy theories underlying certain articles leave the readers without a clear understanding of the issues on the table and the policies behind the current regulatory framework.

The approval process.  For instance,  while the investigation was conducted globally, many articles published by European consortium members focused their attention on the lack of a centralized authorization procedure for the marketing of medical devices in the EU and argued that a loose regulatory framework enabled manufacturers to sell unsafe devices on the European market.

The absence of a centralized marketing authorization procedure for medical devices in Europe is depicted as a failure of European lawmakers, influenced by the medical device lobby. However, none of the articles reporting on the investigation provides readers – who may not be familiar with the authorization process – a clear and complete picture of the rationale and public healthcare policies behind the current regulatory framework. Most notably, the Implant Files investigation fails to explain the benefits for patients of a faster launch of innovative devices on the market. Neither they show any meaningful and documented difference in terms of patient safety between the EU and the US, where a centralized authorization procedure administered by the FDA is in force. The fact that the investigation concerns the US as much as the rest of the world is probably a good indication that the type of approval procedure does not per se guarantee patients’ safety and an effective healthcare system.

The new regulation.  As to the timing of the investigation, it comes at a moment of transition when the new EU medical device regulation has already been enacted but has not yet begun to unfold its innovative potential in the industry.  Yet, the Implant Files investigation seems to assume that the new regulation will have no impact on the industry and the approval/vigilance system as a whole. The investigation does not really delve into the changes and improvements brought by the new regulation, which has in fact already addressed many of the issues raised by the Implant Files. Among such innovations, new and improved vigilance measures and an increased accountability for notified bodies should be certainly taken into consideration.

Further, the investigation neglects the public discussions and exchanges that occurred throughout the EU (and the world) in the years that preceded the enactment of the new regulation, when the truth is that its provisions have been at the center of the public healthcare discourse for years, have been debated among experts, stakeholders and lawmakers in full transparency, have been reported by newspapers and specialized media. The alleged “scoop” seems a few years late.

The current vigilance system.  Lastly, one of the major flaws of many articles reporting on the investigation is that they give readers the idea that no meaningful vigilance system exists today. This is of course not correct. Italy, for instance, has a long-standing nation-wide register of approved medical devices marketed in its territory kept by the Ministry of Health. The same Ministry transparently shows on its website all safety notices and field actions carried out in Italy. The tool is easily searchable and can be found on the very first page of the medical device directorate’s site. 

Not only the Implant Files investigation failed to accurately report the existing vigilance and transparency measures, but created their own medical device database, allegedly aimed at providing the public with full access to data submitted by patients and reporters. 

Does the Implant Files investigation really benefit patients?  At the moment one cannot but wonder if this project really does provide patients with complete, accurate and independent information that can be useful for their health and wellbeing.

Is a public database, entirely managed by a private consortium, really empowering patients? How the database is managed, how the uploaded information is vetted and updated, for which purposes the uploaded information can be used by patients? Shouldn’t we work on improving a public, transparent system, managed by officers and professionals who have the scientific and regulatory expertise that is needed to address all issues involved, rather than building on a new, uncontrolled and unaccountable tool that could potentially distort patients’ behavior? The media would do a better service to the public opinion by giving a balanced, informative and articulate picture of the facts, rather than spreading sensationalistic news that would make anyone with an implanted device panic (and click on the article!).