According to Article 40.1 of the EU General Data Protection Regulation (GDPR), the national supervisory authorities in the European Economic Area shall “encourage the drawing up of codes of conduct intended to contribute to the proper application” of the GDPR. A prerequisite for codes of conduct to be prepared by Swedish associations and bodies, which represent categories of personal data controllers or processors, is that the Swedish Data Protection Authority (IMY), pursuant to Art. 41 GDPR, has to establish the requirements that will apply to their accreditation bodies, the so-called supervisory bodies, which will be responsible in monitoring compliance with the code of conduct by the controllers or processors that undertake to apply it.
In a judgment delivered on 9 July 2020, the CJEU held that a new therapeutic application for an authorised medicinal product cannot be the subject of a supplementary protection certificate (SPC). This clarifies the position on an issue that has been unclear for nearly a decade, but will be unwelcome to companies in the healthcare and life sciences sector who have invested, and continue to invest, in the development of new therapeutic applications for authorised products. It will have a significant impact on pending SPC applications relating to second medical uses.