mHealth—data protection considerations

Produced in partnership with Francesca Blythe of Sidley Austin and William Long of Sidley Austin
Practice notes


Digital health developers, manufacturers and distributors of mHealth apps, and of any connected software as a medical device (SaMD) or artificial intelligence (AI) system, must comply with significant data protection regulations in parallel with regulatory compliance throughout the life cycle of an app’s development and commercialisation. This Practice Note focuses, in particular, on the data protection and privacy considerations for mHealth (or mobile health). It also addresses the more stringent protections surrounding the collection of an individual user’s health data.

The note does not consider broader life sciences regulatory concerns, for example, around medical devices. For further information on the regulation of medical devices, see Practice Note: The regulation of medical software, including mHealth apps.

For further information on the data protection implications of mobile app development more generally, see Practice Note: Mobile app development and data protection.

For a discussion of the data protection challenges posed by digital health through different case studies, including wearables and AI diagnostic tools, see Practice Note: Digital health—data protection and privacy case studies.

What

Francesca Blythe

Partner, Sidley Austin


FRANCESCA BLYTHE advises international clients on a wide range of data protection, privacy, cybersecurity, and emerging technology issues. She has in-depth experience across multiple industries, including asset management and private equity, payments, technology, retail, e-commerce, and manufacturing. Francesca has a particular focus on life sciences, where she advises on a broad range of issues in relation to clinical studies/investigations, secondary research, digital health, and use of novel technologies (including artificial intelligence). Francesca co-leads Sidley’s benchmarking group for in-house data privacy professionals (dplegal) in the life sciences sector.

Francesca was previously in-house counsel at the largest international health and beauty retailer in Asia and Europe. While there, she regularly gave advice on compliance and strategies relating to data protection laws and assisted in the planning and delivery of a global privacy compliance project.

William Long

Partner, Sidley Austin


WILLIAM LONG is global co-chair of Sidley’s highly ranked Privacy and Cybersecurity practice and heads the EU Data Protection group. He is also a member of the firm’s top-ranked Crisis Management and Strategic Response team, and he serves on the Steering Committee of the firm’s AI Working Group. William advises international clients on a wide variety of AI, GDPR, cyber incident, data protection, privacy, information security, social media, e-commerce, and other regulatory matters.

William has been a member of the European Advisory Board of the International Association of Privacy Professionals (IAPP) and on the DataGuidance panel of data protection lawyers. He is on the editorial board of e-Health Law & Policy and also assists with dplegal (“data privacy” legal), a networking group of in-house lawyers in life sciences companies examining international data protection issues.

William was previously in-house counsel to one of the world’s largest international financial services groups. He has been a member of a number of working groups in London and Europe looking at the EU regulation of e-commerce and data protection and spent a year at the UK’s Financial Law Panel (established by the Bank of England) as assistant to the chief executive working on regulatory issues with online financial services.

Jurisdiction(s):
United Kingdom
Key definition:
Data protection definition
What does Data protection mean?

In an employment context, this refers to the obligation on an employer to protect the data of its employees and ensure that it complies with the law on how it uses the employees' data.
