Francesca Blythe

This Practice Note explores the data protection implications of conducting clinical research. In particular, this Practice Note considers the responsibility for data protection compliance in the context of clinical research, the relevant legal grounds for processing personal data for research purposes, transparency requirements, collaborative research and data sharing as well as exceptions to data subject rights when processing personal data in the context of research. Finally, this Practice Note provides a checklist of practical data protection considerations to bear in mind when planning research activities.

Digital health developers, manufacturers and distributors of mobile health (mHealth) apps, and any connected software as medical devices (SaMD) or artificial intelligence (AI) system, must comply with significant data protection regulations in parallel with regulatory compliance throughout the life cycle of an app’s development and commercialisation to market. This Practice Note focuses on the data protection and privacy considerations for mHealth apps, devices or connected medical software (SaMD) in the UK and EEA. mHealth, like telehealth, is a subset of eHealth under the digital health umbrella and refers to the use of mobile applications to allow users to monitor, evaluate and improve their health using mobile devices. Further discussion addresses the more stringent protections required for health data referred to as ‘special category’ data or ‘sensitive’ personal data.