September 1, 2021
"A final version of the law has not been published but a previous draft included rules around requiring consent for data protection and punishments for companies that did not comply."

Why this is important: China has joined the growing list of countries to enact comprehensive data collection, processing, and protection laws by enacting the Personal Information Protection Law. While the final text has not yet been published, it is expected to contain guidelines on the collection of personal data, limits on companies transferring data outside of the country, and prohibiting companies from discriminating against individuals who do not consent to data collection (with some limitations). It will be interesting to compare how China will stack up in terms of enforcement of its laws and the priorities of their enforcement plans. --- Risa S. Katz-Albert
"TikTok may be using your biometric data. This change has sparked Sen. Amy Klobuchar (D-Minn.) and Sen. John Thune (R-S.D.) to ask TikTok for more information on how the app plans to use that data they said they’d begin collecting. Similarly, Apple executives have said they want to support digital IDs with biometric identifiers in their Wallet app. This could allow a lot of functions, even legal functions, to become "administrative." 
Why this is important: TikTok notified its users that it may be using biometric data of those on its videos. What does that mean? Evidently, at least facial recognition and voiceprint. Which, presumably, they could sell. Two senators are asking for more information. For example, what exactly will be collected? How will it be cataloged and secured? Can it be sold? Will this be collected for minors? Etc.

On a related note, Apple is filing patents and collecting data in hopes of making traffic stops purely electronic transactions, where a person's facial recognition could identify them, the police can look up all the relevant data on the computer, converse with the "suspect" by phone or another means, and issue a ticket (or not) electronically. Facial recognition already is being used in many cities with cameras on every corner. Minority Report, anyone? This is like cooking a frog, as we progressively lose privacy. --- Hugh B. Wellons
"The company also recently used Fitbit data to study the activity, sleep and resting heart rate changes triggered by COVID-19 infection."

Why this is important: Fitbit has entered into a collaborative agreement with LifeScan, a company that provides tools to assist with glucose management and diabetes. Many consumers use Fitbit to monitor their activity levels, heartbeat, sleep patterns, water consumption and calories burned. This latest partnership will further expand Fitbit's role in providing healthcare services well beyond recording activity levels as they seek to remain competitive in the health wearables market.

Patients living with diabetes will be able to access the One Touch Reveal app, which provides glucose monitoring and the ability to link with healthcare providers. Those who purchase the new features will receive a Fitbit Inspire 2 and access to Fitbit Premium, which provides workouts and insights into the Fitbit data.

Fitbit recently used data to study the activity, sleep, and resting heart rate changes triggered by COVID-19. This latest partnership will provide consumers with the tools to address their health in an integrated fashion. As this market continues to evolve, it will be interesting to see what other data will be made available and how such expansion will impact the privacy of health data. --- Annmarie Kaiser Robey
"Alleged perpetrators used malware to send funds to their own bitcoin addresses."

Why this is important: This article is dedicated to everyone who thinks Bitcoin is anonymous and untraceable. Andrew Schober downloaded from Reddit what he thought was a Bitcoin wallet named "Electrum Atom" but what instead was malware. The malware sat dormant until Schober attempted to transfer some of his Bitcoin from one address he maintained to another. The malware sprang into action and changed the recipient Bitcoin address to one its authors controlled. When Schober activated the transfer, the Bitcoin were sent to the malware's authors. Schober lost 16.4552 Bitcoin, which at current prices is about $773,000. The story would end there if Bitcoin were anonymous and untraceable as some believe. However, through a combination of blockchain analysis tracking the flow of the Bitcoin through multiple transactions after its theft and old-fashioned detective work on Reddit threads, Schober was able to locate the two masterminds he believed were behind Electrum Atom. Because both were minors at the time of the theft, Schober sent a letter to their parents requesting the return of his Bitcoin and promising to drop the matter. They didn't respond, and Schober filed a lawsuit against the two and their parents. One of the parents moved to dismiss the lawsuit, arguing that the statute of limitations on Schober's claims has run. Schober countered that the discovery rule tolled the running of the statute of limitations until he discovered the identities of the two bad actors. The lawsuit remains pending. This story highlights the ability, in some instances, to track Bitcoin and other cryptocurrencies through blockchain analysis and shows why it's inaccurate to claim Bitcoin transactions are anonymous and untraceable. --- Nicholas P. Mooney II
"Now, Tohoku University researchers have developed a new analytical method that visualizes cell functions in MPS using scanning probe microscopy (SPM)."

Why this is important: This article presents more information about creating an imbedded chip that will help to analyze medical problems and the likely efficacy (or danger) of a specific treatment. This could save many lives. The concern is whether it also could provide more health information than we want to provide, potentially to people we don't want to have it. --- Hugh B. Wellons
"In addition, FDA wants new postmarket authority to require that manufacturers adopt policies and procedures for coordinated disclosure of cybersecurity vulnerabilities as they are identified."

Why this is important: Despite the extensive, and growing, reliance by medical technologies on the Internet of Things and the security risks that come with it, there has not yet been legislation passed requiring disclosure to patients and perspective patients about the potential cyber risks of these devices. The FDA is now seeking to remedy this. While the security of implanted devices, both present and their ability to be patched as needed, is an obvious place to begin regulation, the issue poses complex problems without an easy solution. To require documentation and disclosure of security architecture for medical devices, patients could make more informed choices, but the same information can serve as a road map to bad actors seeking to hack into these devices for nefarious purposes, making a disaster more likely. The medical device industry is not alone in facing this issue, but zero day vulnerabilities in the medical context can have life and death consequences on a scale beyond even the biggest data breaches. --- Risa S. Katz-Albert
"'For the first time, we've charted a path toward the industrial scalability of exosome purification for oral drug delivery.'"

Why this is important: Many people have trouble swallowing pills. They have successfully separated nano capsules from cow's milk that they could fill with needed medicine, allowing people to drink a milkshake instead of swallowing a pill. Of course, that presumes that the milkshake also works for those who are lactose intolerant! Notice that this work is being done locally for us, at Virginia Tech. --- Hugh B. Wellons
Thank you for reading this issue of Decoded! We hope you found the information timely and useful. If you have topics you would like us to cover or would like to add someone to our distribution list, please email us.

Nicholas P. Mooney II, Editor of Decoded and Chair of Spilman's Technology Practice Group
This is an attorney advertisement. Your receipt and/or use of this material does not constitute or create an attorney-client relationship between you and Spilman Thomas & Battle, PLLC or any attorney associated with the firm. This e-mail publication is distributed with the understanding that the author, publisher and distributor are not rendering legal or other professional advice on specific facts or matters and, accordingly, assume no liability whatsoever in connection with its use.
Responsible Attorney: Michael J. Basile, 800-967-8251