Matter / Experience

Advising global provider of leading health app with 300 million users on GDPR compliant redesign of privacy notices

Children Data Protection
Data Protection Advice
Data Protection Consent
Health App
Health Data Protection
Privacy Policy

Dr. Thomas Helbing

HELBING Kanzlei für IT- und Datenschutzrecht

München, Germany

English, German

You current availability

Matter confirmed by Client

excellent legal knowledge
goal-oriented approach
pragmatic and practical

Client Information

International provider of a health app
Healthcare and Life Sciences
Information Technology
Company Size:
Medium (100-1000 employees)

Matter Details

Practice Area:
Data Protection Law
Matter Type:
Specific advice
Type of service:
Sole advising lawyer
Work scope:
10 - 50 hours


My client is a leading provider of a health app that reaches over 300 million users worldwide and is based outside the European Union. Due to the global reach of the app and the fact that many users are from the EU, including minors, the client faced the challenge of meeting the strict privacy requirements of the General Data Protection Regulation (GDPR). This became particularly important because the app processes health-related data, which is considered especially sensitive under the GDPR. Additionally, there were critical media reports about similar apps, increasing the pressure to create maximum transparency and comply with GDPR regulations.


The main challenge was to revise the app's privacy notices to meet the high requirements of the GDPR, especially in terms of transparency and the processing of sensitive health-related data. It was crucial to clearly address the requirement for consent while simultaneously informing users about the data processing procedures comprehensively. Moreover, I had to ensure that the privacy notices were understandable for underage users.

Work Results

I conducted a comprehensive consultation on the scope of the GDPR and the specific requirements arising for the client. This included advising on the requirement for consent and the implementation of measures for data minimization and encryption. I completely redesigned the privacy notices for EU users, aiming to create maximum transparency while fully meeting the GDPR provisions. The new privacy notices are characterized by their precision and understandability, particularly regarding the processing of sensitive data and the rights of underage users.

Contribution to the Client's Success and Gained Experience

The result of my work was precise and easily understandable privacy notices, which not only make the client GDPR-compliant but also increase transparency for the users. This helps to build the users' trust in the app and positively highlight the app in reviews. The close collaboration with the client's developers also provided me with an in-depth look into the technology behind the app, including the use of Google Firebase and payment processes of iOS and Android.

Additional Information

This page describes a matter, case or other experience of a lawyer. The described experience may also stem from work at previous law firms.