mHealth—data protection considerations
Produced in partnership with William Long and Francesca Blythe of Sidley Austin
mHealth—data protection considerations

The following Life Sciences guidance note Produced in partnership with William Long and Francesca Blythe of Sidley Austin provides comprehensive and up to date legal information covering:

  • mHealth—data protection considerations
  • What is mHealth?
  • Key guidance
  • When and why is data protection relevant?
  • Personal data and data concerning health
  • Controller or processor
  • Lawful grounds for processing
  • Transparency
  • Data protection by design and by default
  • Data subject rights
  • more

BREXIT: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the General Data Protection Regulation applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for many purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. As a third country, the UK can no longer participate in the EU’s political institutions, agencies, offices, bodies (except to the limited extent agreed), but it must submit to the continuing jurisdiction of the Court of Justice of the EU during the implementation period. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection. For further reading about the impact of Brexit on the Life Sciences, see: Brexit—Life Sciences and News Analysis: Brexit Bulletin—key updates, research tips and resources.

What is mHealth?

‘mHealth’ (ie mobile health) is a subset of eHealth (ie the use of information and communication technologies for health) and refers to the use of mobile applications to allow users to monitor,