2017 has started with a bang on the data protection front. There
have been several developments these past few months, ranging from
updates on the new EU General Data Protection Regulation
("GDPR"), coming into force in May 2018, to the
establishment of a Swiss-EU Privacy Shield. In relation to mHealth
Code of Conduct for mHealth is still with the Article 29
Working Party (the EU data protection representative body, or
"WP29") – such codes of conduct have a raised
status in the GDPR and are likely to play a more significant role
going forwards. We provide a snapshot of the latest developments
Firstly, there have been several steps forward in relation to
the GDPR. The UK data protection regulator, the "ICO",
has been consistent in its support for preparation of the GDPR in
the UK following the Brexit vote last year. In January, we have
seen the ICO provide an update on the GDPR guidance that it will be publishing for
organizations in 2017, and the WP29 adopt an action plan and
publish guidance on three key areas of the GDPR. MP Matt Hancock
(Minister of State for Digital and Culture with responsibility for
data protection) also suggested in December and February that a radical departure from the
GDPR provisions in the UK after Brexit is unlikely, despite being
careful not to give away the intentions of the UK government.
On the electronic communications front, the European Commission
published a draft E-Privacy Regulation in January, which is currently being assessed by
the WP29, European Parliament and Council. The new Regulation is
designed as an update to the E-Privacy Directive, and will sit
alongside the GDPR to govern the protection of personal data in
relation to the wide area of electronic communications, whether in
the healthcare sector or otherwise (such as those via WhatsApp,
Skype, Gmail and Facebook Messenger).
In relation to global personal data transfer mechanisms, in
January the Federal Council of Switzerland announced that there
would be a new framework for transferring personal data (including
health data) from Switzerland to the US; the Swiss-EU Privacy
Shield. As with the EU-US Privacy Shield, the Swiss-US Privacy
Shield has been agreed as a replacement of the Swiss-US Safe Harbor
framework. The establishment of the new Swiss-EU Privacy Shield
means that Switzerland will apply similar standards for transfers
of personal data to the US as the EU. Organizations can sign up to
the Swiss-EU Privacy Shield with the US Department of Commerce from
2017. If organizations have already self-certified to the EU-US
Privacy Shield, they will be able to add their certification to the
Swiss-US Privacy Shield on the Privacy Shield website from 12 April
These developments need to be taken into consideration by
organizations that are creating and implementing digital health
products, such as mHealth apps, which operate in a space that can
bring up several regulatory questions. Further information can be
found in our recent
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The recent Avian Flu outbreak across Europe has been raising cholesterol across the industry since December of last year when the government issued a prevention order requiring farmers to keep their birds inside to help prevent the spread of the disease.
The National Institute for health and Care Excellence (NICE) provides guidance to the NHS in England on the clinical and cost effectiveness of selected new and established technologies through its healthcare technology assessment (HTA) program.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).