mHealth—data protection considerations

Copyright © 2025 LexisNexis
Produced in partnership with Francesca Blythe of Sidley Austin and William Long of Sidley Austin
Practice notes

mHealth—data protection considerations

Copyright © 2025 LexisNexis

Produced in partnership with Francesca Blythe of Sidley Austin and William Long of Sidley Austin

Practice notes
imgtext

Digital health developers, manufacturers and distributors of mHealth apps, and any connected software as medical devices (SaMD) or Artificial intelligence (AI) system, must comply with significant Data protection regulations in parallel with regulatory compliance throughout the life cycle of an app’s development and commercialisation to market. This Practice Note focuses, in particular, on the data protection and privacy considerations for mHealth (or mobile health). Further discussion also addresses the more stringent protections surrounding the collection of an individual user’s health data.

The note does not consider broader life sciences regulatory concerns, for example, around medical devices. For further information on the regulation of medical devices, see Practice Note: The regulation of medical software, including mHealth apps.

For further information on the data protection implications of mobile app development more generally, see Practice Note: Mobile app development and data protection.

For a discussion on data protection challenges posed by digital health through different case studies, including wearables and AI diagnostic tools, see Practice Note: Digital health—data protection and privacy case studies

What

Francesca Blythe
Francesca Blythe

Partner, Sidley Austin

FRANCESCA BLYTHE advises international clients on a wide range of data protection, privacy, cybersecurity, and emerging technology issues. She has in-depth experience across multiple industries, including asset management and private equity, payments, technology, retail, e-commerce, and manufacturing. Francesca has a particular focus on life sciences, where she advises on a broad range of issues in relation to clinical studies/investigations, secondary research, digital health, and use of novel technologies (including artificial intelligence). Francesca co-leads Sidley’s benchmarking group for in-house data privacy professionals (dplegal) in the life sciences sector.

Francesca was previously in-house counsel at the largest international health and beauty retailer in Asia and Europe. While there, she regularly gave advice on compliance and strategies relating to data protection laws and assisted in the planning and delivery of a global privacy compliance project.

Read moreRead more
William Long
William Long

Partner, Sidley Austin

WILLIAM LONG is global co-chair of Sidley’s highly ranked Privacy and Cybersecurity practice and heads the EU Data Protection group. He is also a member of the firm’s top-ranked Crisis Management and Strategic Response team, and he serves on the Steering Committee of the firm’s AI Working Group. William advises international clients on a wide variety of AI, GDPR, cyber incident, data protection, privacy, information security, social media, e-commerce, and other regulatory matters.

William has been a member of the European Advisory Board of the International Association of Privacy Professionals (IAPP) and on the DataGuidance panel of data protection lawyers. He is also on the editorial board of e-Health Law & Policy and also assists with dplegal (“data privacy” legal), a networking group of in-house lawyers in life sciences companies examining international data protection issues. 

William was previously in-house counsel to one of the world’s largest international financial services groups. He has been a member of a number of working groups in London and Europe looking at the EU regulation of e-commerce and data protection and spent a year at the UK’s Financial Law Panel (established by the Bank of England) as assistant to the chief executive working on regulatory issues with online financial services.

Read moreRead more
Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Related legal acts:
Key definition:
Data protection definition
What does Data protection mean?

In an employment context, this refers to the obligation on an employer to protect the data of its employees and ensure that it complies with the law on how it uses the employees' data.

Read more readmore

Popular documents

Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an

Template for regulatory references given by SMCR firms and disclosure requirements

Template for regulatory references given by SMCR firms and disclosure requirements[Insert addressee details]Dear [insert name][It is our understanding that [insert name of prospective employee] [was an employee of yours between the dates of [insert dates as appropriate] OR is a current employee of