Tag Archives: European Union General Data Privacy Regulation)

British Barristers Take On Cannabis “Novel Food” Regulation In Brussels

By Marguerite Arnold
No Comments

The first thing to understand about the significance of the British barristers now challenging the EU’s classification of hemp extracts as a novel food is that this is like jumping into the middle of an action adventure by coming in at the second act. In other words, you miss the introduction and the first couple of car chases.

That said, this action movie also features a cannabis-flavored plot. Those used to the maddening hair splitting now going on just about everywhere as the industry gains legitimacy, in other words, are familiar with the larger story line.

Here are the “CBD Cliff’s Notes.”

The structure of cannabidiol (CBD), one of 400 active compounds found in cannabis.

It is highly significant that a major British cannabis trade organization, the Cannabis Trades Association, hired a leading law firm in London to go sue the EU over its recent decision to lump all CBD extracts into the same “novel” distinction. Up until now, only CBD sourced from cannabis had fallen prey to this strange regulation. Thus, the lawsuit. No Brexit themes involved. Yet. Although that too will play a role in all of this.

What Is This Really About?

If those in the CBD business are honest with themselves, the real reason for this segmented part of the cannabis industry to even exist in the first place is the race, desire and need to actually be allowed to operate in relative regulatory peace. No matter what the battles are on the THC front. CBD has been seen as a result, pretty much since the beginning of the new age of legalization, as the “safer” political and market entry choice by those in regions such as U.S. southern states and the burgeoning, can’t-wait-to-be-off-to-the-races, market in Europe. See the new federal hemp legalization bill in the United States as Exhibit A.

However, in Europe this has run into more than a few problems since the Swiss put “low THC” or “Cannabis Lite” on the map more locally. Starting with the whole discussion about licensing in general. And then, even more confusingly, about what to actually classify the plant. Especially when it is used in food and cosmetics as opposed to “medicine.”

Specifically, where does the cannabis plant in general, let alone its individual components, really fall when it comes to regulated human consumption?

european union states
Member states of the European Union

For the time being- read last year when the industry in Spain was facing police busts over CBD cookies on the shelves at health stores- the conventional industry wisdom was that this whole furore was “just” over the use of concentrates, tinctures and other products made from cannabis-sourced CBD. However, given the noise that Austria managed to make over Christmas about the entire “licensing” issue (namely who has the right to produce, sell and package even CBD as a cannabinoid no matter where it is sourced), the EU also moved all CBD products and tinctures- even those made from good old hemp- into the novel food category.

This means in effect, that even CBD extracts produced from the hemp plant (which is actually the majority of such product in Europe) must now be regulated as a “novel food” too. Even though in poor old hemp’s case, it is certainly the case that health food nuts have been consuming the same in Europe long before (and certainly after) standing EU “novel food” regulations were put into place back in the late 90’s.

Thus, the lawsuit, launched from a country unsure of whether it will even be in the EU post-May (either the month or the current PM).

According to the EU at least for now, CBD itself is a “novel food” no matter from where it is sourced. And that, according to not only science but food history is an absolute fallacy.consumer safety, from factory to pharmacy or farm to table, is never far from the discussion

Likely Outcomes

Those who were hoping that CBD would remain unregulated in the EU should think again. It is highly likely that what will happen is that CBD production licensing is in the cards and just about everywhere. Think GMPs but with a consumer-food twist.

While indie producers might groan at the prospect of fees and licensing procedures, remember this is Europe. And consumer safety, from factory to pharmacy or farm to table, is never far from the discussion.

While this lawsuit, in other words, is likely to make the EU think more closely about regulating CBD in general, what is most likely to happen is that entire enchilada will be lumped under a regime to insure that high quality production, particularly of crops bound for consumption, is also extended to anything that ends up in either a food or cosmetic product.

CBD Producers Have To Keep Current On Regs

Given the current murkiness that exists, in other words at this point across Europe, in every country and for every CBD product, exports here from other places are still not a great idea.

There are labeling, licensing and of course, ultimately legislative issues that are all still in flux. And while the outcome of the lawsuit might eventually regulate and standardize things, the idea that a license-free CBD production industry is clearly now dead in the water.

Why Does GDPR Matter for The Cannabis Industry?

By Marguerite Arnold
2 Comments

The global cannabis industry is hitting thorny regulatory challenges everywhere these days as the bar is raised for international commerce. First it was recognition that the entire production industry in Canada would basically have to retool to meet European (medical and food) standards. And that at least for now for the same reasons, American exports are basically a no go.

However, beyond this, the battle over financial reporting and other compliance of a fiscal kind has been a hot topic this year on European exchanges.

As of this summer, (and not unrelated to the other two seismic shifts) there is another giant in the room.

If you haven’t heard about it yet, welcome to the world of EU GDPR (European Union General Data Privacy Regulation).

The German version is actually Europe’s highest privacy standard, which means for the cannabis industry, this is the one that is required for operations here across the continent if you are in this business.

What is it, and what does it mean for the industry?

GDPR – The Elevator Pitch

Here is why you cannot ignore it. The regulation affects bankers as much as growers, distributors as much as producers and of course the entire ecosystem behind medical production and distribution across Europe and actually far beyond it. Starting of course, with patients but not limited to them. The law in essence, applies to “you” whoever you are in this space. That is why it becomes all that much more complicated in the current environment.

While this is complex and far reaching, however, there are a couple of ways to think about this regulation that can help you understand it and how to manage to it (if not innovate with it).

The first is, to American audiences at least, that GDPR is sort of like HIPAA, the federal American privacy civil rights statute that governs medical privacy law. Except, of course, this being Europe, it is far more robust and far reaching. It touches every aspect of electronic privacy including data storage, retention, processing and security that is applicable to modern life. And far, far, beyond just “patients.”

On the marketing side, GDPR is currently causing no end of headaches. Broadly, the legislation, which came into force this year, with real teeth (4% of global revenues if you get it wrong), applies to literally every aspect of the cannabis industry for two big reasons beyond that. Medical issues, which are the only game in town right now in Europe (and thus require all importers to also be in compliance) and financial regulatory requirements.

The requirements in Germany are more onerous than they are in the rest of Europe. Therefore, they also affect the cannabis industry in a big way, especially since there is at this point a great deal of European cultivation with the German (and now British) medical market in mind. Further Germany is becoming European HQ for quite a few of the Canadian LPs. That means German standards apply.

The UK, for those watching all Brexit events with interest, will also continue to be highly affected by this. Whether it stays in the EU or not, it must meet a certain “trusted nation” status to be able to transact with the continent in any kind of favoured nation status.

Bottom line? It is big and here and expensive if you screw it up. If considering doing any kind of business with European customers, start hitting the books now. Large mainstream media organizations in the United States and Canada right now are so afraid of the consequences of getting this wrong that they have blocked readership from Europe for the present. Large financial institutions also must not only be in compliance but compliance of companies also guides their investment mandates on the regulatory front.

For all of these reasons, the cannabis industry would do well to take note.

What Does This Mean for The Cannabis Industry?

The Canadian and rest of the global industry is still struggling with compliance and this will have some interesting repercussions going forward.patient data must be handled and stored differently

Immediately, this means that all websites that are targeted to German eyes (read Canadian LPs and international, even English-only press) should hire German side compliance experts for a quick GDPR audit. There are few European experts at this point, and even fewer foreign ones. It is worth a call around to find out who is doing this auf Deutschland and bite the bullet.

It also means that internally, patient data must be handled and stored differently. And furthermore, it is not just “patients” who have this right, but everyone who transacts with your electronic or other presence. That includes consumers, subscribers to email newsletters and other stakeholders in the industry.

As the cannabis industry also starts to embrace technology more fully, it will also have highly impactful influence on what actually passes for a compliant technology (particularly if it is customer facing) but not limited to the same.

On the marketing side, GDPR is currently causing no end of headaches. Starting with PR and customer outreach teams who are trying to figure out how much of their master mailing lists they can keep and which they cannot. On this front, Mail Chimp is undeniably the go-to right now and has also implanted easy to understand and use technology that is being adopted by European marketers and those targeting Europe.

Stay tuned for more coverage on GDPR as we cover how data protection and privacy regulations will impact cannabis businesses, their marketing and outreach, plus service design efforts (in particular to patients) and other areas of interest.