On June 7, 2016, the European Commission published its final draft Code of Conduct on privacy for mobile health apps ("Code"). The Code aims to raise awareness of the data protection rules in relation to mHealth apps, facilitating and increasing compliance at the EU level for app developers. The issues covered by the Code are: user's consent, purpose limitation and data minimization, privacy by design and by default, data subjects' rights and information requirements, data retention, security measures, principles on advertising in mHealth apps, use of personal data for secondary purposes, disclosing data to third parties for processing operations, data transfers, personal data breach, and data gathered from children. The Code has been formally submitted for comments to the Article 29 Data Protection Working Party. Once approved by this independent EU advisory group, the Code will be applied in practice. App developers will be able to voluntarily commit to follow its rules, which are based on EU data protection legislation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.