Category: Technology

Who Benefits from Self-Driving Cars?

Everyone will benefit from self-driving cars, but to varying degrees. Society, from a safety standpoint, benefits from eliminating some or all of the 34,247 motor vehicle fatalities per year. The elderly and disabled can benefit by regaining independence. Commuters can benefit by turning their dreaded drive to work into a relaxing or productive session they look forward to. But what about car manufacturers?

Car manufacturers may potentially benefit the most from self-driving cars. Assuming that they develop safe, fully autonomous robotaxis, then a car manufacturer may be able to operate the car as a robotaxi and potentially generate ten times the sale price of a vehicle over the life of the vehicle. But before this can happen, a company has to produce a fully self-driving vehicle at a reasonable cost. From a hardware standpoint, a key challenge is sensor technology. Lidar, a critical sensor for autonomous cars that can bridge the deficiencies in today’s camera and radar systems, is a significant hurdle due to its cost (e.g., up to $75,000), size, and complexity.

Therefore, it comes as no surprise that lidar companies are benefiting from large investments and partnerships this year to develop advanced lidar solutions. For example, Sense Photonics recently emerged from stealth mode and made headlines with a $26 million round advertising a whole new approach that allows for an ultra-wide field of view and flexible installation. Sense Photonics claims they have a “flash” lidar which can illuminate the entire scene with one giant flash, as opposed to the scanning or sweeping systems employed by the early popular lidars systems, such as those from Velodyne. Luminar recently announced they developed a new LIDAR sensor that weighs less than 2 pounds, is the size of a soda can, and will cost as little as $500. Another upstart, Lumotive, announced that it has a solid-state sensor with metamaterial (e.g., a non-naturally occurring material that can have a negative refractive index) that includes tiny tunable components that can slow down parts of the laser beam in order to steer the beam. Steering a laser beam in this manner, according to Lumotive, may eliminate the need for mechanically moving parts. Yet another lidar company, Quanergy, touts that they have a fully solid-state automotive grade lidar based on optical phased arrays that do not include any moving parts on any scale, while offering an unparalleled level of quality and reliability.

While the timeline is uncertain, it is likely that self-driving cars will be safer than human drivers, and that auto manufacturers and technology suppliers will find opportunities to increase profits. However, this will likely bring about certain disadvantageous. Some disadvantages are obvious, such as the loss of transportation-related jobs due to automation, but there may be other less obvious disadvantages. If a car manufacturer can make more money by keeping their car, why would they sell it to consumers? Elon Musk thinks that is the case, and part of his “Master Plan” is to enable self-driving hardware to operate as autonomous robotaxis to generate revenue for Tesla itself. While autonomous robotaxis may have many benefits, the inability to buy a reasonably priced car because it is more profitable in the hands of the car manufacturer does not benefit the car shopper!

© 2019 Foley & Lardner LLP

More more on self-driving cars, see the Utilities & Transport law page on the National Law Review.

You Can be Anonymised But You Can’t Hide

If you think there is safety in numbers when it comes to the privacy of your personal information, think again. A recent study in Nature Communications found that, given a large enough dataset, anonymised personal information is only an algorithm away from being re-identified.

Anonymised data refers to data that has been stripped of any identifiable information, such as a name or email address. Under many privacy laws, anonymising data allows organisations and public bodies to use and share information without infringing an individual’s privacy, or having to obtain necessary authorisations or consents to do so.

But what happens when that anonymised data is combined with other data sets?

Researchers behind the Nature Communications study found that using only 15 demographic attributes can re-identify 99.98% of Americans in any incomplete dataset. While fascinating for data analysts, individuals may be alarmed to hear that their anonymised data can be re-identified so easily and potentially then accessed or disclosed by others in a way they have not envisaged.

Re-identification techniques were recently used by the New York Times. In March this year, they pulled together various public data sources, including an anonymised dataset from the Internal Revenue Service, in order to reveal a decade’s worth of Donald Trump’s negatively adjusted income tax returns. His tax returns had been the subject of great public speculation.

What does this mean for business? Depending on the circumstances, it could mean that simply removing personal information such as names and email addresses is not enough to anonymise data and may be in breach of many privacy laws.

To address these risks, companies like Google, Uber and Apple use “differential privacy” techniques, which adds “noise” to datasets so that individuals cannot be re-identified, while still allowing access to the information outcomes they need.

It is a surprise for many businesses using data anonymisation as a quick and cost effective way to de-personalise data that more may be needed to protect individuals’ personal information.

If you would like to know more about other similar studies, check out our previous blog post ‘The Co-Existence of Open Data and Privacy in a Digital World’.

Copyright 2019 K & L Gates
This article is by Cameron Abbott of  K&L Gates.
For more on internet privacy, see the National Law Review Communications, Media & Internet law page.

Are Your AI Selection Tools Validated? OFCCP Provides Guidance for Validation of AI-Based Algorithms

We have long counseled employers using or contemplating using artificial intelligence (“AI”) algorithms in their employee selection processes to validate the AI-based selection procedure using an appropriate validation strategy approved by the Uniform Guidelines on Employee Selection Procedures (“Uniform Guidelines”).  Our advice has been primarily based on minimizing legal risk and complying with best practices.  A recently updated Frequently Asked Questions (“FAQ”) from the Office of Federal Contract Compliance Programs (“OFCCP”) provides further support for validating AI-based selection procedures in compliance with the Uniform Guidelines.

On July 23, 2019, the OFCCP updated the FAQ section on its website to provide guidance on the validation of employee selection procedures.  Under the Uniform Guidelines, any selection procedure resulting in a “selection rate for any race, sex, or ethnic group which is less than four-fifths (4/5) (or eighty percent) of the rate for the group with the highest rate will generally be regarded by Federal enforcement agencies as evidence of adverse impact,” which in turn requires the validation of the selection procedure.  These validation requirements are equally applicable to any AI-based selection procedure used to make any employment decision, including hiring, termination, promotion, and demotion.

As stated in the Uniform Guidelines, and emphasized in the FAQ, the OFCCP recognizes three methods of validation:

  1. Content validation – a showing that the content of the selection procedure is representative of important aspects of performance on the job in question;

  2. Criterion-related validation – production of empirical data demonstrating that the selection procedure is predictive or significantly correlated with important aspects of job performance; and

  3. Construct validation – a showing that the procedure measures the degree to which candidates possess identifiable characteristics that have been determined to be important in successful performance on the job.

With the exception of criterion-related validating studies, which can be “transported” from other entities under certain circumstances, the Uniform Guidelines require local validation at the employer’s own facilities.

If a selection procedure adversely impacts a protected group, the employer must provide evidence of validity for the selection procedure(s) that caused the adverse impact. Thus, it is crucial that employers considering the implementation of AI-based algorithms in the selection process both conduct adverse impact studies and be prepared to produce one or more validation studies.

The new FAQ also provides important guidelines on the substantial methods utilized by OFCCP in evaluating potential adverse impact.  In accordance with the Uniform Guidelines, OFCCP will analyze the Impact Ratio – the disfavored group’s selection rate divided by the favored group’s selection rate.  Any Impact Ratio of less than 0.80 (referred to as the “Four – Fifths Rule”) constitutes an initial indication of adverse impact, but OFCCP will not pursue enforcement without evidence of statistical and practical significance.  For statistical significance, the OFCCP’s standard statistical tests are the Fisher’s Exact Test (for groups with fewer than 30 subjects) and the Two Independent-Sample Binomial Z-Test (for groups with 30 or more subjects).

With the publication of this new FAQ, employers – and particularly federal contractors – should be sure to evaluate their use of AI-based algorithms and properly validate all selection procedures under the Uniform Guidelines.  Moreover, although not addressed in the OFCCP’s new FAQ, employers should also ensure that their AI-based algorithms are compliant with all other state and federal laws and regulations.

©2019 Epstein Becker & Green, P.C. All rights reserved.

Drive.ai Introduces External Communication Panels to Talk to Public

Self-driving cars are inherently presented with a challenge—communicating with their surroundings. However, Drive.ai has attempted to address that challenge by equipping its self-driving cars with external communication panels that convey a variety of messages for drivers, pedestrians, cyclists and everyone else on the road. Drive.ai CEO Bijit Halder said, “Our external communication panels are intended to mimic what an interaction with a human drive would look like. Normally you’d make eye contact, wave someone along, or otherwise signal your intentions. With [these] panels everyone on the road is kept in the loop of the car’s intentions, ensuring maximum comfort and trust, even for people interacting with a self-driving car for the first time.” To help the company build its platform, one of the company’s founders recorded herself driving around normally and analyzed all the interactions she had with other drivers, including eye contact and hand motions.

Specifically, the panel uses lidar sensors, cameras, and radar to determine if any pedestrians are in or near a crosswalk as it approaches the crosswalk. If the vehicle detects that pedestrian’s path, the car begins to slow down and displays the message “Stopping for you.” Once the vehicle comes to a complete stop, it displays the message “Waiting for you.” When there are no more pedestrians are detected, the vehicle will display the message “Going now, please wait” to let other pedestrians to wait to cross.

Drive.ai continues to conduct research to determine the best means of communication including the best location for such communications, which is currently right above the wheels based on its previous studies. Halder said, “The more you can effectively communicate how a self-driving car will act, the more confidence the public will have in the technology, and that trust will lead to adoption on a broader scale.”

 

Copyright © 2019 Robinson & Cole LLP. All rights reserved.
More more in vehicle technology advances, see the Utilities & Transport page on the National Law Review.

Ericsson Offers FRAND – District Court Endorses Comparable Licenses, Rejects SSPPU Royalty Rate

On May 23, 2019, the court issued a declaratory judgment in the case of HTC v. EricssonNo. 18-cv-00243, pending in the United States District Court for the Eastern District of Texas (Judge Gilstrap). That judgment confirmed that Ericsson’s 4G standard-essential patents (“SEPs”) convey significant value to mobile handsets and held that Ericsson made an offer to HTC that complied with Ericsson’s obligations to license on fair, reasonable, and non-discriminatory (“FRAND”) terms. The decision, published on the heels of Judge Koh’s recent opinion in FTC v. Qualcomm, provides much-needed clarity to SEP owners by definitively rejecting the smallest-saleable patent practicing unit (“SSPPU”) royalty theory in favor of a real-world, market-based approach.

The Dispute

Ericsson owns a large portfolio of cellular patents essential to the 2G, 3G, and 4G standards that it licenses to handset makers worldwide. As a member of the ETSI standard setting organization, Ericsson agreed to license these patents on FRAND terms. Ericsson offered a license to HTC at a rate of $2.50 per 4G device, or 1% of the net device price with a $1 floor and $4 cap. HTC countered with a rate of $0.10 per 4G device. HTC sued Ericsson, claiming that Ericsson’s offered royalty rate was too high, and that Ericsson breached its FRAND commitment.

A jury trial was held in February 2019. HTC argued that a royalty base must be calculated based on the profit margin of the baseband processor (which HTC argued was the SSPPU) rather than the price of the device as a whole. Ericsson argued that HTC’s SSPPU approach dramatically undervalued 4G cellular technology and that Ericsson’s patents in particular were worth far more. After a five-day trial, the jury found that Ericsson’s offers did not breach Ericsson’s commitment to license on FRAND terms and conditions.

The Decision

Following the verdict, the district court also issued its findings of fact and conclusions of law in connection with ruling on Ericsson’s request for a declaratory judgment that it had complied with FRAND. This declaration reaffirmed the jury’s findings, while also addressing more fully some key questions.

First, the court stated unequivocally that the ETSI FRAND commitment does not require a company to license its SEPs based on the profit or cost of the baseband processor or SSPPU.The district court’s decision is consistent with Federal Circuit precedent, such as Ericsson v. D-Link, which holds that “courts must consider the facts of record when instructing the jury and should avoid rote reference to any particular damages formula.”

Second, the order went further to conclude that Ericsson’s 4G portfolio is worth significantly more than a royalty rate based on the profit margin or cost of the baseband processor in HTC’s phones (HTC’s “SSPPU”). Looking to industry-wide evidence, the court held that the value of cellular technology far exceeded a valuation based on the price or profit of a baseband processor. The court found that “Ericsson established, and HTC’s own experts conceded, that there are no examples in the industry of licenses that have been negotiated based on the profit margin, or even the cost, of a baseband processor” and that credible evidence supported a finding that “the profit margin, or even the cost, of the baseband processor is not reflective of the value conferred by Ericsson cellular essential patents.”

Third, the court determined that both of Ericsson’s offers to HTC—(1) $2.50 per 4G device or (2) 1% with a $1 floor and $4 cap—were fair, reasonable, and non-discriminatory. The court found that Ericsson’s “comparable licenses provide the best market-based evidence of the value of Ericsson’s SEPs and that Ericsson’s reliance on comparable licenses is a reliable method of establishing fair and reasonable royalty rates that is consistent with its FRAND commitment.” At trial, evidence was presented regarding Ericsson’s licenses with Apple, BLU, Coolpad, Doro, Fujitsu, Huawei, Kyocera, LG, Panasonic, Samsung, Sharp, Sony, and ZTE. The court noted that several of Ericsson’s licenses contained express terms that were “similar or substantially similar” to Ericsson’s offers to HTC and rejected the argument that Ericsson’s offers to HTC were discriminatory.

Why It Matters

Judge Gilstrap’s declaration represents an important development in FRAND case law that looks to industry practice and market evidence rather than untested licensing theories. It affirms that basing a rate on comparable licenses is an acceptable FRAND methodology.

The decision also rejects the SSPPU royalty theory. Some have read the recent FTC v. Qualcommopinion to suggest that a FRAND royalty must be structured as a percentage rate on a baseband processor. Judge Gilstrap’s declaration demonstrates why such a reading is incorrect.  First, the declaration explains that the ETSI FRAND commitment simply does not require a SSPPU royalty base. Second, even if one were to indulge the SSPPU approach, the SSPPU for many standard-essential patents is not limited to a baseband processor. Third, a wealth of market evidence shows that Ericsson’s patents (and standard-essential patents generally) are far more valuable than a baseband processor-based royalty would reflect.

© McKool Smith
This article was written by Nicholas Mathews from McKool Smith.

Emerging Technologies Update

Our present era is one characterized by rapid technological change, marked by an influx of advancements aimed at enhancing productivity, reducing labor costs, and providing companies with previously unforeseen efficiencies and insights. These emerging technologies—a broad collection of hardware and software that includes artificial intelligence (AI), autonomous vehicles (AVs), biotechnology, robotics, and unmanned aerial systems (drones)—are being incorporated into everyday operations by seemingly every industry and sector.

A number of emerging technologies are finding particular value in the energy, natural resources, and transportation spaces.  A brief survey of these sectors reveals that companies are incorporating emerging technologies in a number of novel ways, including:

  • Use of drones to detect leaks along pipelines and to survey the structural integrity of offshore rigs;
  • Integration of machine learning-empowered connected devices by electric, gas, and water utilities to better serve communities by identifying ways to be more efficient with respect to how resources are managed;
  • Application of predictive analytics for refinery/gas plant optimization to mitigate un-programmed plant shutdowns, improve yields, and enhance safety awareness;
  • Incorporation of machine learning and computer vision into AV systems which have the capability to significantly improve road safety, reduce traffic fatalities, and improve vehicle efficiency;
  • Adoption of machine learning and data analytics by oil and gas companies into planning processes for drilling by hydraulic fracturing; and
  • Utilization of autonomous delivery systems—including aerial and sidewalk drones—in an effort to significantly reduce the cost of deliveries and environmental impacts over the “last mile.”

While these and other technologies show great promise, they also create a host of new challenges for governments, companies, and individuals.  In particular, emerging technologies could usher in an era of massive disruption that dramatically alters and upsets traditional notions of consumer safety and privacy, national security, job security, and environmental quality.  Federal and state regulators and legislators are already starting to tackle the challenges arising from emerging technologies—with mixed results. These actions risk generating unintended consequences that could stifle innovation and/or forestall the incorporation of emerging technologies into various industry operations.

This inaugural VNF Emerging Technology Update is intended to identify recent executive and legislative branch developments in the emerging technology space that may impact the deployment of these technologies, which in turn could impact client operations. If you have a question about these or any other developments in the emerging technology space, please contact the authors of this alert.

Recent Emerging Tech Developments

DOT Announces New Measures to Facilitate Drone Deployment

On January 14, 2019, Secretary of Transportation, Elaine Chao, announced several significant regulatory developments that should—in time—provide drone companies and operators with more operational flexibility.

First, Secretary Chao announced that the Federal Aviation Administration (FAA) had unveiled a proposed rule entitled, “Operation of Small Unmanned Aircraft Systems over People.” Among other things, the proposed rule would allow a small drone to “pass[] over any part of any person who is not directly participating in the operation and who is not located under a covered structure or inside a stationary vehicle”—provided that the drone meets certain operational constraints related to drone weight, design, and risk of injury to people.  The proposed rule would also permit drones to operate at night provided that (i) the drone is equipped with an anti-collision light that is visible for at least three statute miles, and (ii) the operator has completed relevant knowledge training and testing.

While the proposed rule is a good first step in facilitating further innovation in small drone use cases, it is unlikely that the rule would have any immediate impact because it is contingent on the FAA implementing remote identification and tracking regulations, which the FAA is expected to promulgate in proposed form later this year.  Moreover, remote ID and tracking rules are necessary to stymie nefarious and nuisance operations that could target critical systems and infrastructure, including events similar to those that occurred at London’s Gatwick and Heathrow airports late in 2018 and early in 2019, and at Newark International Airport on January 22, 2019. Thus, while the proposed rule is a welcome step toward facilitating drone innovation, regulators still have a lot of work to do before companies (and consumers) realize the potential benefits of commercial drones.

In addition to the proposed rule, the FAA also announced an advanced notice of proposed rulemaking (ANPR) seeking comments on the “Safe and Secure Operations of Small Unmanned Aircraft Systems.” The ANPR recognizes the potential national security threat that drones pose to critical infrastructure, acknowledging that it is continually assessing the ability of the Part 107 regulations to address these concerns.  In addition, the ANPR notes that the FAA is working to develop a process to allow certain fixed-site facility owners to petition the agency to prohibit or restrict drone operations in close proximity to, e.g., critical infrastructure sites. The ANPR further recognizes public safety and national security concerns arising from loss of control of a drone. The agency seeks comment on the need to promulgate regulations establishing design requirements (such as redundancy) for systems critical to flight safety.

It is important to note that the current government shutdown has impacted the publication of these regulatory actions in the Federal Register. Therefore, the FAA is not yet accepting public comment on these actions. The FAA has not indicated when it will publish these actions in the Federal Register, but simply says both will be published “at a later date.”

FCC Proposed Rule on Unlicensed Use of 6 GHz Band

On December 17, 2018, the Federal Communications Commission (FCC) published a proposed rule to expand unlicensed use of the 5.925-7.125 GHz band (6 GHz band). Specifically, the FCC would allow unlicensed access points to operate on the 5.925-6.425 GHz and 6.525-6.875 GHz sub-bands only on frequencies determined by an automated frequency control (AFC) system. For the 6.425-6.525 GHz and 6.875-7.125 GHz sub-bands, the FCC would not mandate an AFC system and would permit unlicensed access points to operate at lower transmitted power.

The FCC’s press release on the proposed rule notes that “[u]nlicensed devices that employ Wi-Fi and other unlicensed standards have become indispensable for providing low-cost wireless connectivity in countless products used by American consumers.” The proposed rule represents one element of the FCC’s broader objective to facilitate and ensure that adequate spectrum exists to accommodate the proliferation of connected devices in the internet of things (IoT).

While the FCC asserted its commitment to “protecting the incumbent licensed services that operate in this spectrum,” the FCC’s proposed action does raise the possibility of conflict with electric, gas, and water utilities and other critical infrastructure systems, which have long relied on the 6 GHz band for their communications networks. Some worry that the FCC’s action could unleash a flood of new unlicensed users on the spectrum, which could create radio frequency interference that compromises both reliability and emergency response capabilities.

Comments on the proposed rule are due by February 15, 2019.

BIS Contemplating Export Controls for Certain Emerging Technologies

On November 19, 2018, the Bureau of Industry and Security (BIS)—an agency within the Department of Commerce—published an ANPR seeking public comment on criteria for identifying emerging technologies that are essential to U.S. national security. The BIS ANPR comes at a time of heightened scrutiny over global technology transfers. The past year alone has been dominated by headlines of (i) potential national security concerns related to the import of Chinese telecommunications technologies; (ii) potential supply chain attacks on U.S. technology manufacturers; and (iii) escalating trade tensions between the United States and China precipitated at least in part by U.S. objections over Chinese theft of intellectual property.

It is this third risk that BIS’s ANPR is attempting to redress. With the help of public comments received over the course their comment period (which closed on January 10, 2019) BIS will evaluate potential national security risks that may arise from the export of emerging technologies.  The agency has indicated that it will likely promulgate a proposed rule to amend the Commerce Control List (CCL) to include new Export Control Classification Numbers (ECCNs) for certain emerging technologies.

While there is certainly a need to address the economic, national security, and political implications of technology transfers—and the deleterious impacts of industrial espionage—some of the most prominent technology companies and technology industry advocacy groups argue that BIS’s action will do little to mitigate potential national security risks and may actually do more to harm U.S. emerging technology companies, because any prohibition on technology exports will apply to companies operating within the United States. Consequently, sophisticated external actors will still be able to engage in industrial espionage, thereby extracting potentially sensitive technologies outside of officially-sanctioned processes, allowing certain emerging technologies to end up in jurisdictions outside of the United States or its allies without U.S. companies being able to control the dissemination of those technologies.

Given the potential negative impacts of BIS’s contemplated regulatory action—as well as the fact that BIS issued the ANPR immediately before the year-end holiday season—many companies petitioned the agency for an extension of the original 30-day comment period. While BIS did extend the comment period an additional three weeks, the compressed comment period undoubtedly prevented some companies and individuals from offering more detailed insights.  Given the potential economic and security impacts of the ANPR, companies may wish to engage with the Office of Information and Regulatory Affairs (OIRA) within the Office of Management and Budget (OMB) as an alternative or parallel strategy to ensure that the Administration is aware and understands the potential implications on U.S. companies.

Senators Warner and Rubio Introduce Bill to Establish the Office of Critical Technologies and Security

On January 4, 2019, Senators Mark Warner (D-VA) and Marco Rubio (R-FL) introduced S.29, which would establish an “Office of Critical Technologies and Security” within the White House. Recognizing threat of industrial espionage, forced technology transfers, and supply chain vulnerabilities, the bipartisan bill is intended to ensure that technology transfer decisions occur within a broader policy context—a “whole of government technology strategy”—that weighs relevant economic, geopolitical and national security concerns in a way different from the existing BIS regulatory process.

As of January 22, the Senate has taken no further action on the bill.

 

© 2019 Van Ness Feldman LLP
This post was written by R. Scott Nuzum and Eric C. Wagner of Van Ness Feldman LLP.

Medical Products & FDA: What to Watch for in 2019

Major legislation impacting FDA often accompanies user fee reauthorizations every 5 years. However, Congress has acted to address public health issues between user fee cycles. FDA regulates 20¢ of every U.S. consumer dollar spent on products ranging from heart valves to insulin to breakfast cereal, so there’s always something Congress can do in the realm of FDA’s statutory authorities. Many FDA-related bills are often bipartisan, too, which suggests action despite different parties in power in the House and Senate. Here are a few key medical product issues we’ll be tracking in 2019.

Laboratory Developed Tests (LDTs)

An LDT is a type of in vitro diagnostic test that is designed, manufactured, and used within a single laboratory. In recent years, FDA has attempted to more actively regulate LDTs, claiming they are more complex now than when the agency was granted authority to regulate devices in the 1970s (FDA had, until recently, generally ignored LDTs using a policy known as enforcement discretion). A few years ago, the agency published a proposed approach that caused a stir in Congress and the lab industry and after years of debate Congress seems ready to act on LDTs, which some are now calling In Vitro Clinical Tests (IVCTs). However, New Jersey Democrat Frank Pallone, the likely incoming chairman of the House Energy & Commerce Committee has expressed concern with FDA’s proposed approach to IVCT regulation, especially its heavy reliance on review by accredited persons (i.e., third party review) and pre-certification. FDA’s position was outlined by Commissioner Scott Gottlieb, who in a September 2018 speech stated that FDA envisions reviewing only 10% of IVCTs, 40% would use the pre-certification model, and the remainder would not be subject to FDA premarket review.

Who blinks first? Based on my experience at FDA, the agency is likely to wait for Congress to make the first move largely because FDA went all in by submitting 59 pages of “technical assistance”—essentially a draft bill—to Congress in August 2018. A Democrat-controlled E&C may push for more oversight or a phased-in approach, which is something FDA has resisted. Sure to further complicate discussions is the role of user fees in funding an IVCT regulatory program. Among the questions that need to be answered: how much IVCT oversight will FDA have relative to third parties, how much will that cost, and who’s paying the bill? As a former user fee negotiator for FDA, I can tell you those conversations are not going to be easy.

Digital Health

FDA’s exploration of a new regulatory paradigm for digital health products hit a bump in the road on October 10 when Senators Warren, Murray, and Smith (all Democrats) sent a letter to FDA asking, among other things, what the legal basis is for the digital health pre-cert program. Because FDA does not have the staff capacity or expertise to review all digital health products (including software), part of its solution is to rely on certifications that a product developer has a culture of quality and organizational excellence. FDA also says the current review paradigm is not well-suited to software and similar products that have fast, iterative development cycles. This idea has merit but the details need to be hammered out—likely in statute. And while 2019 is too early to expect legislation, the October 10 letter foreshadows intense scrutiny from HELP Committee Democrats. The agency is still collecting comments on its proposed framework.

Medical Device Cybersecurity

FDA recently made a splash with its cybersecurity playbook and a recently updated premarket cybersecurity guidance. However, while I was at FDA we responded to a lot of requests for technical assistance from both sides of the aisle on legislative language that would: mandate convening stakeholders to recommend guidelines for improving cybersecurity of devices, mandate software bills of materials, or provide basic cybersecurity operational standards for Internet-connected devices, among other ideas. The jury is out on how much any of these ideas would meaningfully improve the nation’s cybersecurity infrastructure at least as it pertains to medical devices. Considering cybersecurity is a hot topic in other contexts (e.g., election security, personal computing), the 116th Congress will likely continue to look for legislative wins in this space and we’ll be watching closely to see what the impacts could be on medical products.

Device Servicing

FDA continues to look for a solution to problematic device servicing and will be holding another public meeting in December 2018. While we’re optimistic FDA will come out of that meeting with a draft policy (the agency said it plans to issue a draft guidance document before October 2019), we see challenges with some of the ideas mentioned in a discussion paper the agency released in October 2018. Even as FDA reviews public comments and publishes guidance, there could be a role for Congress, such as to ensure appropriate oversight of servicing through mandated inspections. We’re looking forward to seeing how interaction between OEMs, servicers, and FDA at the December workshop could influence the draft guidance.

OTC Monograph Reform

As noted in our Lame Duck Preview for health issues, OTC monograph reform legislation passed the House but awaits action in the Senate, where it’s stuck in committee. An OTC monograph is like a recipe for an over-the-counter drug that, once approved by FDA, can be used by any drug manufacturer without FDA pre-approval of the manufacturer’s specific drug. The bill would speed up the regulatory process for OTC monographs by allowing use of administrative orders rather than rulemaking. Both bills authorize FDA to grant exclusivity for the monograph developer, which would protect market access, though the amount of exclusivity differs (18 months in the House bill; 24 months in the Senate bill). Likely incoming House E&C Chairman Pallone is—again—who we’re looking to regarding action on this. Despite voting for the House version, it is well-known that Rep. Pallone has concerns about the exclusivity provision. The OTC monograph process has not changed since 1972 and reform efforts have been brewing for a while; if this does not move in the lame duck, this could be in play in 2019.

Opioids

Congress passed major opioids legislation in September 2018 so while Congress may shift its focus to other issues, we’ll be keeping an eye on how the administration is implementing its mandates. FDA in particular has as full plate with:

  • Holding a public meeting to address challenges of developing non-addictive medical products for acute or chronic pain;
  • Issuing new or updating existing guidance documents addressing, among other topics, how FDA considers pain, pain control, or pain management in assessing whether a disease or condition is serious or life-threatening and how FDA may require postmarket studies to assess reductions in effectiveness of a drug that change the drug’s benefit-risk profile;
  • Issuing prescribing guidelines for the indication-specific treatment of acute pain;
  • Developing a list of controlled substances to refer to Customs and Border Protection and other import controls; and
  • Implementing new authority to require unit dose packaging (aka blister packs).

This list is not exhaustive, yet it’s clear FDA will be busy. We’ll be keeping a close eye on administration and congressional actions related to these and other important public health issues in 2019.

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

ARTICLE BY

Aaron L. Josephson

Treasury Releases Report on Nonbank Institutions, Fintech, and Innovation

On July 31, 2018, the U.S. Department of the Treasury released a reportidentifying numerous recommendations intended to promote constructive activities by nonbank financial institutions, embrace financial technology (“fintech”), and encourage innovation.

This is the fourth and final report issued by Treasury pursuant to Executive Order 13772, which established certain Core Principles designed to inform the manner in which the Trump Administration regulates the U.S. financial system.  Among other things, the Core Principles include:  (i) empower Americans to make independent financial decisions and informed choices; (ii) prevent taxpayer-funded bailouts; (iii) foster economic growth and vibrant financial markets through more rigorous regulatory impact analysis; (iv) make regulation efficient, effective, and appropriately tailored; and (v) restore public accountability within federal financial regulatory agencies and rationalize the federal financial regulatory framework.

Treasury’s lengthy report contains over 80 recommendations, which are summarized in an appendix to the report.  The recommendations generally fall into four categories:  (i) adapting regulatory approaches to promote the efficient and responsible aggregation, sharing, and use of consumer financial data and the development of key competitive technologies; (ii) aligning the regulatory environment to combat unnecessary regulatory fragmentation and account for new fintech business models; (iii) updating a range of activity-specific regulations to accommodate technological advances and products and services offered by nonbank firms; and (iv) facilitating experimentation in the financial sector.

Some notable recommendations include:

Embracing Digitization, Data, and Technology

  • TCPA Revisions: Recommending that Congress and the Federal Communications Commission amend or provide guidance on the Telephone Consumer Protection Act to address unwanted calls and revocation of consent.

  • Consumer Access to Financial Data: Recommending that the Bureau of Consumer Financial Protection (“BCFP”) develop best practices or principles-based rules to promote consumer access to financial data through data aggregators and other third parties.

  • Data Aggregation: Recommending that various agencies eliminate legal and regulatory uncertainties so that data aggregators can move away from screen scraping to more secure and efficient methods of access.

  • Data Security and Breach Notification:  Recommending that Congress enact a federal data security and breach notification law to protect consumer financial data and notify consumers of a breach in a timely manner, with uniform national standards that preempt state laws.

  • Digital Legal Identity:  Recommending efforts by financial regulators and the Office of Management and Budget to enhance public-private partnerships that facilitate the adoption of trustworthy digital legal identity products and services and support full implementation of a U.S. government federated digital identity system.

  • Cloud Technologies, Artificial Intelligence, and Financial Services:  Recommending that regulators modernize regulations and guidance to avoid imposing obstacles on the use of cloud computing, artificial intelligence, and machine learning technologies in financial services, and to provide greater regulatory clarity that would enable further testing and responsible deployment of these technologies by financial services firms as these technologies evolve.

Aligning the Regulatory Framework to Promote Innovation

  • Harmonization of State Licensing Laws:  Encouraging efforts by state regulators to develop a more unified licensing regime, particularly for money transmission and lending, and to coordinate supervisory processes across the states, and recommending Congressional action if meaningful harmonization is not achieved within three years.

  • OCC Fintech Charter:  Recommending that the Office of the Comptroller of the Currency move forward with a special purpose national bank charter for fintech companies.

  • Bank-Nonbank Partnerships:  Recommending banking regulators tailor and clarify regulatory guidance regarding bank partnerships with nonbank firms.

Updating Activity-Specific Regulations

  • Codification of “Valid When Made” and True Lender Doctrines:  Recommending that Congress codify the “valid when made” doctrine and the legal status of a bank as the “true lender” of loans it originates but then places with a nonbank partner, and that federal banking regulators use their authorities to affirm these doctrines.

  • Encouraging Small-Dollar Lending:  Recommending that the BCFP rescind its Small-Dollar Lending Rule and that federal and state financial regulators encourage sustainable and responsible short-term, small-dollar installment lending by banks.

  • Adoption of Debt Collection Rules:  Recommending that the BCFP promulgate regulations under the Fair Debt Collection Practices Act to establish federal standards governing third-party debt collection, including standards that address the reasonable use of digital communications in debt collection activities.

  • Promote Experimentation with New Credit Models and Data:  Recommending that regulators support and provide clarity to enable the testing and experimentation of newer credit models and data sources by banks and nonbank financial firms.

  • Regulation of Credit Bureaus:  Recommending that the Federal Trade Commission and other relevant regulators take necessary actions to protect consumer data held by credit reporting agencies and that Congress assess whether further authority is needed in this area.

  • Regulation of Payments:  Recommending that the Federal Reserve act to facilitate a faster payments system, as well as changes to the BCFP’s remittance transfer rule.

Enabling the Policy Environment

  • Regulatory Sandboxes:  Recommending that federal and state regulators design a unified system to provide expedited regulatory relief and permit meaningful experimentation for innovative financial products, services, and processes, essentially creating a “regulatory sandbox.”

  • Technology Research Projects:  Recommending that Congress authorize financial regulators to undertake research and development and proof-of-concept technology partnerships with the private sector.

  • Cybersecurity and Operational Risks:  Recommending that financial regulators consider cybersecurity and other operational risks as new technologies are implemented, firms become increasingly interconnected, and consumer data are shared among a growing number of third parties.

© 2018 Covington & Burling LLP

Using Technology to improve legal services? Submit to the Chicago Legal Tech Innovator Showcase! Deadline 9-29!

Is your firm combining technology and innovation to serve clients? We want to know about it! The Chicago Legal Tech Innovation Showcase, brought to you by the Chicago Bar Association’s Future of the Profession Committee and Chicago Kent School of Law is October 24th.  Submissions are due by September 29th, 2017.

A panel of distinguished judges will choose five “Best in Show” awards in each of the 2 awards categories: Law Firm/Legal Services and Company/Product/Service. Each award winner will present a 5 minute pitch at the Chicago Kent Auditorium on October 24 and have an opportunity to exhibit during the event. All submissions that meet the criteria will be listed in a Chicago Legal Tech Showcase Guide 2017

 

The Chicago Legal Tech Innovator Showcase will promote the law firms, legal aid orgs, and companies that are using technology to improve legal services in the Chicago area and highlight those whose innovations are exceptional. Whether the end result is better legal knowledge management, more affordable legal services, or improved metrics for decision making and analysis—and regardless of how the services are delivered—we want to hear what you are doing and so does Chicago’s legal community!

 

To learn more and submit go to: http://lpmt.chicagobar.org/chicago-legal-tech-innovator-showcase/

 

Parties Discuss Privacy Issues in Advance of FTC, NHTSA Workshop on Connected Cars

Automated vehicle technology is accelerating, and regulators are racing to keep up.  On June 28, 2017, the Federal Trade Commission and the National Highway Traffic Safety Administration (“NHTSA”) will hold a workshop to examine the consumer privacy and security issues posed by automated and connected vehicles.  The workshop comes several months after the Department of Transportation and NHTSA promulgated a Notice of Proposed Rulemaking (“NPRM”) that would require all new passenger vehicles to be capable of vehicle-to-vehicle (“V2V”) communications by the early 2020s.

The FTC and NHTSA have raised several questions to be addressed at the workshop, including:

  • What data do vehicles with wireless interfaces collect, store, and transmit, and how is that data used and shared?

  • What are vehicle manufacturers’ privacy and security policies and how are those policies communicated to consumers?

  • What choices are consumers given about how their data is collected, stored, and used?

  • What are the roles of the FTC, NHTSA, and other federal agencies with regard to the privacy and security issues raised by connected vehicles?

  • What self-regulatory standards apply to privacy and security issues relating to connected vehicles?

Car manufacturers, tech organizations, privacy organizations, and other parties filed comments in advance of the workshop, responding to these questions and more:

  • The Association of Global Automakers, a group that includes Aston Martin, Ferrari, Honda, Toyota, and others, said that V2V and vehicle-to-infrastructure (“V2I”) communications do not present a significant privacy risk to individuals because they do not collect or store PII or information that can be linked to a particular vehicle. The organization stated that the method of communicating between cars—dedicated short range communications (“DSRC”)—“already has layers of security established into its design.”  The group did acknowledge that privacy and security issues “may be exacerbated” by wireless-enabled aftermarket products connected to on-board diagnostics ports, and said that developers and third parties should therefore take appropriate steps to design and manufacture secure products.

  • CTIA praised the safety benefits that connected vehicle technologies could provide, highlighting how 5G network speed, capacity, and location can improve autonomous vehicle safety and efficiency. The wireless group spoke to both its sector’s experience in addressing data privacy and security across the Internet of Things, and urged the agencies to refrain from imposing vehicle-specific privacy or security regulations which “could be redundant to or conflict with existing privacy and data security protections enforced by the FTC and the Department of Homeland Security.”  CTIA instead said the agencies should promote and expand industry-led initiatives like the NIST Cybersecurity Framework and self-regulatory principles like the auto industry privacy principles.

  • In contrast, EPIC said that “meaningful oversight and enforcement mechanisms” would be necessary to protect consumer privacy. In its discussion of federal policies, the organization stated that enforcement would “require[] a private right of action against companies who misuse and fail to secure personal information.”  The organization also opposed the NPRM’s proposal to create a new Federal Motor Vehicle Safety Standard (“FMVSS”) which would preempt state regulations, arguing that historically, while the federal government has enacted privacy laws, more robust privacy legislation has been implemented at the state level.

  • The Future of Privacy Forum, which runs a Connected Cars Working Group whose members include Fiat Chrysler, Ford, General Motors, Hyundai, Lyft, Toyota, and Uber, urged the agencies to focus on transparency around consumer data use, including the provision of resources that are publicly available, accessible before purchase, and reviewable throughout the life of a vehicle as well as the incorporation of consumer privacy controls when appropriate. The group urged the agencies to encourage industry self-regulatory efforts, saying that they can be enforceable when companies publicly commit.