Privacy and data protection regulations impact the work of every advertising, marketing and PR communications professional around the globe – especially in healthcare and medicine. As the focus on privacy by consumers and regulators continues to increase, W2O’s team is tracking the most important news and changes that directly influence our industry, including the latest on legislation, new privacy technology, enforcement actions, analysis and thought leadership in privacy and data protection.
Here’s the news we’re paying attention to right now.
Recent research by Kantar shows that privacy and security concerns impact American’s willingness to use health technology. The survey included more than 1,000 adults and showed that while Americans believe that technology can help with their healthcare, only 38% believe there are proper safeguards in place. The findings indicate that adoption of health technology is hindered not by lack of innovation, but by lack of consumer trust.
Main Takeaway – As healthcare and technology become more interwoven than ever, the implicit trust that patients extend to their doctors and their medical organizations is being eroded by the arguably well-deserved privacy scrutiny that other industries are now receiving. Healthcare and medical organizations must think beyond HIPAA and embrace the privacy principles of transparency, choice, and accountability along with data protection and security.
An investigation by the European Data Protection Supervisor which identified “serious concerns” with Microsoft’s collection of data from Office 365 users has resulted in a change to the Microsoft Service Terms. The new terms and a Data Protection Addendum, which apply to all commercial customers globally, specifically exclude the processing of customer and personal data for the “purpose of profiling, advertising or similar commercial purposes”.
Main Takeaway – Microsoft has chosen to extend privacy tools and rights to all users, and not just European Users for the General Data Protection Regulation (GDPR), or California Consumers for the California Consumer Privacy Act (CCPA). Only four months after they launched new privacy tools in response to GDPR, the highest engagement with those tools came from millions of Americans. Brands with complex global operations should consider Microsoft’s example, including their embrace of privacy as a core principle and the extension of privacy tools and controls to all users, not just those in specific jurisdictions.
The European Parliament recently discussed whether California could be considered for an “adequacy decision” under the General Data Protection Regulation (GDPR). The GDPR allows for the transfer of personal data to third countries where the commission has decided that third country ensures an adequate level of data protection. The question discussed was whether California could receive such an adequacy decision separate from the United States – which currently uses Privacy Shield as a transfer mechanism. The opinion from that group was that yes, the language of GDPR does allow for “territorial” application, and the CCPA could be considered for adequacy – although the scope of the hearing was not to actually determine that.
Main Takeaway – Global marketing and communications professionals should be watching developments related to adequacy and Privacy Shield closely, as they govern the flow of data between the United States and Europe. The Advocate General of the Court of Justice has concluded that Standard Contractual Clauses (SCCs) are a valid transfer mechanism, and if Privacy Shield becomes invalidated, SCCs may have to become much more prevalent.
* The opinions expressed in this post do not constitute or represent legal advice. No liability is accepted by the authors or W2O Group for any action taken or not taken based on the information or any associated communications.