Data Protection Solutions For Life Sciences - Newsletter #30

Regulations & Guidelines

­­

CJEU Refines “Personal Data” in Cases of Pseudonymisation

­On 4 September 2025, the Court of Justice of the EU ruled in EDPS vs SRB (C-413/23 P) that pseudonymised data is not automatically considered personal data under the GDPR for all recipients. The ruling also affirms that controllers must inform data subjects at the moment of data collection about any onward sharing, even if the data will later be pseudonymised.

­ Click to read more­

General Court Upholds EU-U.S. Data Privacy Framework (DPF) in Latombe v Commission

­In its judgment of 3 September 2025 in Latombe v Commission (T-553/23), the General Court dismissed an annulment action against the EU Commission’s adequacy decision for the United States, confirming that the Data Privacy Framework remains valid for transatlantic data transfers.

­ Click to read more­

ENISA Publishes Cybersecurity Guide for Healthcare

­The European Union Agency for Cybersecurity (ENISA) has released a practical booklet to help healthcare organizations strengthen their cyber resilience. The guide offers actionable steps for safeguarding sensitive medical data and reducing exposure to cyber threats. It is tailored for both large hospitals and healthcare providers, as well as smaller entities such as specialist clinics and general practitioners.

­ Click to read more­

EU and Brazil Move Closer to Mutual Data Adequacy Under GDPR

­The European Commission has launched the process to recognize Brazil’s data protection framework as adequate under the GDPR. Once adopted, this would allow personal data to flow freely between the EU and Brazil without additional transfer mechanisms. Brazil is also working toward reciprocal recognition, though the decision must still pass reviews by EU institutions before taking effect.

­ Click to read more­

EU Data Act Set to Reshape Health & Medical Devices

­Coming into force in September 2025, the EU Data Act will oblige manufacturers of connected health and medical devices - from pacemakers to fitness trackers - to provide users free access to their usage data and enable its transfer to third parties. The law also requires clear product data information before contracts are signed. Companies are urged to adapt early to avoid compliance risks and costly recertifications.

­ Click to read more ­

Italy is the First EU Country to Enact its AI Act Law

­Italy has enacted the first national AI law in the EU, complementing the EU AI Act, which promotes transparent and secure AI use and regulates its application in healthcare, research, and digital services. The law also addresses deepfakes, copyright for AI-assisted works, minor consent, and entrusts enforcement to AgID and the National Cybersecurity Agency with a €1 billion investment programme.

­ Click to read more­

AI  and Techbio

­­

AI Drug Discovery: From Hype to Hard Lessons

­Despite billions invested, early AI-driven drug discovery start-ups have yet to deliver an approved medicine, as the complexity of human biology continues to outpace technological capabilities. While initial promises fell short, breakthroughs like AlphaFold2 and generative AI are renewing optimism that more advanced tools and richer datasets could eventually unlock real progress in pharmaceutical research.

­ Click to read more­

Oracle Unveils New AI Features to Boost Patient and Clinical Experience

­Oracle Health is heavily expanding its AI capabilities across clinical workflows, revenue cycle management, and patient engagement, introducing features that let patients use conversational AI in their portal to get plain-language explanations of diagnoses or lab results, ask about their medical records, and more. At the same time, Oracle is embedding AI agents into its electronic health record system to help with tasks like prior authorizations, billing, identifying care gaps, and matching patients to clinical trials. The company also launched an AI Center of Excellence to support healthcare organizations in deploying these tools responsibly and effectively.

­ Click to read more­

OpenAI Brings in Industry Veterans to Lead Healthcare AI Push

­OpenAI is accelerating its healthcare ambitions by hiring Nate Gross, cofounder and former chief strategy officer of Doximity, to lead its go-to-market healthcare strategy, and Ashley Alexander, former co-head of product at Instagram, as VP of Product in its health division. The move signals a shift from OpenAI simply powering partners’ health tech to building its own tools for clinicians and consumers, building on recent breakthroughs like GPT-5 and the HealthBench benchmark to validate safety and accuracy.

­ Click to read more­

BioTech, Healthtech and Healthcare

­­

Apple Unveils New Sleep and Hearing Health Features

­Apple has introduced major health-focused updates: the Apple Watch gains a new “Breathing Disturbances” metric with notifications for possible moderate-to-severe sleep apnea, while AirPods Pro 2 debut an integrated hearing suite that includes hearing protection, a clinic-grade hearing test, and an over-the-counter hearing aid feature. These tools aim to empower users to monitor and act on key sleep and hearing health issues more proactively, while maintaining privacy and seeking regulatory approvals globally.

­ Click to read more­

Digital Pregnancy Tracking Tools Reshape Maternal Care

­Recent analysis highlights the rapid adoption of digital pregnancy tracking tools, ranging from simple applications to AI-powered wearables. These platforms integrate biometric monitoring, predictive analytics for conditions such as gestational diabetes and mental health support. While they enhance personalization and accessibility, the legal framework presents serious questions to be addressed, especially in privacy, while interoperability with clinical systems is also challenging the technical field.

­ Click to read more­

Podcasts 

­­

• Can AI Hear Cancer in your Voice ?

‍

­

• Cybersecurity in Medical Devices - What QA / RA Must Do Today 

• The Vision For Patient Engagement 

iliomad's News

­

IAPP 2025 Here We Come !

­The iliomad team is excited to be at the IAPP Congress 2025 in Brussels! We can’t wait to connect, exchange insights, and be part of the global data protection community.

­