Suchergebnisse

Das Lebensmittel- und Futtermittelgesetzbuch (LFGB) ist eine wichtige Grundlage für den Verbraucherschutz und die Lebensmittelsicherheit, vor allem im Verkehr mit Lebensmitteln. Deshalb wird es immer wieder den aktuellen Gegebenheiten angepasst. So ist das LFGB auch Grundlage für die amtliche Überwachung im Bereich der Sicherheit und Täuschung in Ergänzung zur Basis-Verordnung, dem Hygienerecht und der LMIV.

This article analyzes the impact and associated legal challenges of cross-border data transfers in the pharmaceutical sector after the recent Court of Justice of the European Union (CJEU) decision in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Schrems II). In Schrems II, the CJEU invalidated Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield Framework. That said, the Court also found that the European Commission Decision 2010/87 on standard contractual clauses (SCCs) for the transfer of personal data to processors established in third countries is still valid. The ruling has resulted in significant uncertainty and liability risks for organizations that depend on EU-US cross-border transfers of personal data such as pharmaceutical companies (data controllers) engaged in global clinical trials and their technology providers for endpoint collection and data transfer (processors). In light of these challenges, this paper discusses the need for sustainable practices and a legally sound regulatory environment for data transfer. To mitigate risks and uncertainties, we stress the need for updated SCCs guidelines and argue inter alia for the adoption of contractual frameworks which incorporate SCCs with a robust information security management system (ISMS) and a privacy information management system (PIMS) to ensure an appropriate level of data protection.

Cloud-based technologies, big data, statistical signal processing algorithms, and Artificial Intelligence (AI) technologies are expected to play an increasingly important role in themedical field. Big data and AI-technologies rely on the cloud for data storage as well as for computational power and thus need effective and robust legal frameworks for international data transfer. Because of inconsistent data protection regulations, this is not always simple to achieve as it can be illustrated in the United States (US)–European Union (EU) context. Due to the lack of general data protection law at the federal level, the US currently does not have a general 'adequacy decision' from the European Commission (EC) to enable EU-US cross-border data transfers without the need for additional data protection safeguards under GDPR. As a fallback, a 'limited adequacy' decision was adopted in 2016 on the so-called 'EU/US Privacy Shield Framework'. This framework protects the fundamental rights of natural persons in the EU and allows the free transfer of personal data to companies that are certified under the EU-US Privacy Shield. However, the EU-US Privacy Shield has been recently contested at the Court of Justice of the European Union (CJEU). This paper analyzes the EU-US Privacy Shield Framework, the associated legal challenges, and how these might affect organizations deploying or implementing cloud-based medical technologies relying on cross-border data transfers from EU data subjects.