Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016

Similar documents
How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

Borderless ehealth in support of healthy citizens in Europe

General Data Protection Regulation (GDPR) The impact of doing business in Asia

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

EU draft mhealth app assessment guidelines: Open Stakeholder Meeting 9 th June. Andrew Ruck & Charles Lowe

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

PS Mailing Services Ltd Data Protection Policy May 2018

Changing times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon

You will see lots of references in the Checklist to the GDPR Pack if you would like to purchase this, go to

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th

Data Processing Agreement

GDPR - Are you ready?

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Motorola Mobility Binding Corporate Rules (BCRs)

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

Privacy Policy. You may exercise your rights by sending a registered mail to the Privacy Data Controller.

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

The Role of the Data Protection Officer

FAQ about the General Data Protection Regulation (GDPR)

Data Protection Policy

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers

Islam21c.com Data Protection and Privacy Policy

CommuniGator. Your GDPR. Compliance Checklist

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

Report of the Working Group on mhealth Assessment Guidelines February 2016 March 2017

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

TIA. Privacy Policy and Cookie Policy 5/25/18

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

ARTICLE 29 DATA PROTECTION WORKING PARTY

ehealth in Europe: at the convergence of technology, medicine, law and society

Google Cloud & the General Data Protection Regulation (GDPR)

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

PREPARING FOR THE GDPR AT THE UNIVERSITY OF HELSINKI

Introductory guide to data sharing. lewissilkin.com

INTERMEDIATE EVALUATION

Directive on security of network and information systems (NIS): State of Play

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

NEWSFLASH GDPR N 8 - New Data Protection Obligations

THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon

DATA PROCESSING AGREEMENT

Data Privacy Statement for myportal to go

General Data Protection Regulation (GDPR) NEW RULES

General Data Protection Regulation (GDPR) Key Facts & FAQ s

Data Protection and GDPR

The isalon GDPR Guide Helping you understand and prepare for the legislation

DATA PROTECTION POLICY THE HOLST GROUP

In this Policy the following terms shall have the following meanings:

Eco Web Hosting Security and Data Processing Agreement

Kohelet Policy Forum R.A. Site Legal Terms. What personal data we collect and why we collect it. Comments. Media. Contact forms and newsletter

ADMA Briefing Summary March

Contributed by Djingov, Gouginski, Kyutchukov & Velichkov

GDPR: A QUICK OVERVIEW

NOTICE OF PERSONAL DATA PROCESSING

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

CTI BioPharma Privacy Notice

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

Data Protection System of Georgia. Nina Sarishvili Head of International Relations Department

Data Processing Agreement for Oracle Cloud Services

2. Who we collect information (data) from & why we collect it

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?


EY s data privacy service offering

Accelerate GDPR compliance with the Microsoft Cloud

Site Builder Privacy and Data Protection Policy

GC0104:EU Connection Codes GB Implementation Demand Connection Code

Request for Expressions of Interest: The EU mhealth Hub

Regulating Telemedicine: the

Preparing for the GDPR

GUIDELINES FOR THE USE OF THE e-commerce WORKFLOW IN IMI

PROJECT BACKGROUND AND RATIONALE

The Rough Notes Company, Inc. Privacy Policy. Effective Date: June 11, 2018

Data Management and Security in the GDPR Era

A comprehensive approach on personal data protection in the European Union

EU Data Protection Agreement

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

Information Security Incident Reporting Policy

Cybersecurity Considerations for GDPR

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT

European Commission Initiatives in telemedicine Presentation endorsed by the European Commission

Privacy Policy. MIPS Website Privacy Policy. Document Information. Contact Details. Version 1.0 Version date March 2018.

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL?

Discussion on MS contribution to the WP2018

Element Finance Solutions Ltd Data Protection Policy

Data Processing Clauses

ATHLETICS WORLD CUP PRIVACY NOTICE

Introduction. Prepared by: ICANN Org Published on: 12 January 2018

Emsi Privacy Shield Policy

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Privacy Policy... 1 EU-U.S. Privacy Shield Policy... 2

DATA PROTECTION LAWS OF THE WORLD. Bahrain

Project Better Energy Limited s registered office is Witan Gate House, Witan Gate West, Milton Keynes, Buckinghamshire, MK9 1SH

Birgit Morlion. DG Communications Networks, Content and Technology (DG CONNECT)

GDPR is coming in less than 2 months Are you ready?

Transcription:

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016 Pēteris Zilgalvis, J.D., Head of Unit for Health and Well-Being, DG CONNECT

Table of Contents 1. Context and scope 2. Objectives and process 3. Structure 4. Content

Context and scope Green Paper on mhealth (2014): Public consultation identified importance of strong privacy and security tools to increase trust in mhealth apps; Agreement to work on a Code of Conduct on mhealth apps at stakeholder meeting in March 2015 Legal basis in Article 27 of the Data Protection Directive (Article 40 of the GDPR); Code of Conduct as a voluntary instrument; Scope: covering data protection principles to be followed in the development of mhealth apps (apps processing health data);

Objectives and process Objectives: Raising awareness and facilitating compliance with data protection rules at EU level; Increased trust by citizens; Competitive advantage. Parties involved: drafting team made up of industry members; the EC facilitating and coordinating the process; external editor to assist the drafting; Current state of play: Draft Code is finalised and was submitted to the Article 29 Working Party for their review on 7 June 2016

Overview of the process Drafting the Code Wider distribution to stakeholders Submission of the Code to the 29WP Receiving and processing feedback Final approval by 29WP Application in practice

Content of the Code of Conduct About the Code of Conduct: Introduction Objective Scope: mobile apps which process personal data, including health data Governance Practical Guidelines for app developers Annex I Data Protection Impact Assessment (template) Annex II Privacy policy (sample)

Practical Guidelines I User's consent: free, specific and informed (explicit consent for health data); Main principles: Purpose limitation, data minimisation, Privacy by design and Privacy by default; Information requirements: name and contact of the developer, purpose of processing, categories of data; Retention of the data: not longer than necessary; Security measures: technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, access etc.;

Practical Guidelines II Use of advertisement in apps: context-related ads Optout, personalised ads Opt-in; Secondary use of the data: compatible with the original purpose, otherwise new consent needed; Disclosure to third parties for processing operations: information of the user, binding legal agreement; Transfer to third countries: based on legal guarantees (such as adequacy decisions, European Commission Model Contracts); Personal data breaches: checklist, notification duty;

Governance structure General Assembly representatives of app developers, the data protection community, industry associations and end-users; consultative organ; ensuring financial stability; Governance board appointed by the General Assembly; decision making powers; maintenance, interpretation and evolution of the Code; Monitoring body monitoring compliance and enforcement of the Code; in accordance with the requirements of the GDPR (expertise, independence);

Thank you! peteris.zilgalvis@ec.europa.eu @PZilgalvis

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback