Matter / Experience

Advising global provider of leading health app with 300 million users on GDPR-compliant redesign of privacy notices

Apps
Children Data Protection
Data Protection Advice
Data Protection Consent
Health App
Health Data Protection
Privacy Policy

Dr. Thomas Helbing

Position
Self-Employed
(Lawyer)
HELBING Kanzlei für IT- und Datenschutzrecht

München, Germany

English, German

Your current availability
Available

Matter confirmed by Client

excellent legal knowledge
goal-oriented approach
pragmatic and practical
ASTRAL IP ENTERPRISE LTD, February 2024

Client Information

Description:
International provider of a health app
Branch:
Healthcare and Life Sciences
Information Technology
Country:
Canada
Company Size:
Medium (100-1000 employees)

Matter Details

Practice Area:
Data Protection Law
Jurisdiction:
Germany
Matter Type:
Specific advice
Type of service:
Advice
Year:
2024
Role:
Sole advising lawyer
Work scope:
10 - 50 hours

Description

My client is a leading provider of a health app that reaches over 300 million users worldwide and is based outside the European Union. Due to the global reach of the app and the fact that many users are from the EU, including minors, the client faced the challenge of meeting the strict privacy requirements of the General Data Protection Regulation (GDPR). This became particularly important because the app processes health-related data, which is considered especially sensitive under the GDPR. Additionally, there were critical media reports about similar apps, increasing the pressure to create maximum transparency and comply with GDPR regulations.

Challenges

The main challenge was to revise the app's privacy notices to meet the high requirements of the GDPR, especially in terms of transparency and the processing of sensitive health-related data. It was crucial to clearly address the requirement for consent while simultaneously informing users about the data processing procedures comprehensively. Moreover, I had to ensure that the privacy notices were understandable for underage users.

Work Results

I conducted a comprehensive consultation on the scope of the GDPR and the specific requirements arising for the client. This included advising on the requirement for consent and the implementation of measures for data minimization and encryption. I completely redesigned the privacy notices for EU users, aiming to create maximum transparency while fully meeting the GDPR provisions. The new privacy notices are characterized by their precision and understandability, particularly regarding the processing of sensitive data and the rights of underage users.

Contribution to the Client's Success and Gained Experience

The result of my work was precise and easily understandable privacy notices, which not only make the client GDPR-compliant but also increase transparency for the users. This helps to build the users' trust in the app and positively highlight the app in reviews. The close collaboration with the client's developers also provided me with an in-depth look into the technology behind the app, including the use of Google Firebase and payment processes of iOS and Android.

Additional Information

This page describes a matter, case or other experience of a lawyer. The described experience may also stem from work at previous law firms.