Summary
This month’s edition highlights major global developments in privacy, AI, and digital health regulation, from California’s new data laws and Germany’s tightened health data transfer rules to Italy’s AI-driven reforms for healthcare research. Across the U.S. and Europe, regulators are sharpening oversight of medical wearables, Femtech apps, and AI technologies, underscoring the shift toward stricter compliance, transparency, and accountability in health innovation.
Regulations & Guidelines
California Tightens Data Privacy Laws
California’s new privacy package introduces rules for AI chatbots, data brokers, and youth online safety. Effective in 2027, the laws mandate browser-based opt-outs, app age verification, and mental health warnings for minors.
Medical Wearables Under Scrutiny
U.S. regulators are tightening oversight of wearables and consumer health tech, emphasizing cybersecurity and data transparency under FDA and FTC frameworks as HIPAA’s limits become clear.
KVKK Narrows VERBIS Exemption for SME Data Controllers
Turkey’s KVKK has updated its VERBIS registration exemptions, limiting them to controllers with fewer than 10 employees and an annual balance sheet under TRY 10 million, even when processing sensitive data. The new decision, effective September 4, 2025, reflects tighter thresholds that may now require many small organizations to reassess their registration obligations.
Germany Issues Stricter Guidance on Cross-Border Health Data Transfers
Germany’s data protection authorities have released new guidelines outlining a two-stage assessment for transferring personal health data outside the EEA for research purposes. The guidance tightens transparency and consent requirements, emphasizing robust safeguards and detailed disclosure of transfer risks and recipient country protections.
AI & Techbio
Funding Surge in Virtual Care
AI-driven healthcare is accelerating, with Counsel Health raising $25M to expand its chatbot-based virtual care platform and tech giants like Microsoft, Athenahealth, and Notable rolling out new AI assistants to streamline clinical, administrative, and claims workflows. From telehealth triage to revenue cycle automation, these initiatives highlight how investor confidence and practical AI adoption are reshaping digital health delivery and efficiency.
Claude Enters the Lab : Health's AI Next phase
Anthropic has launched “Claude for Life Sciences,” linking its AI to research tools like Benchling, 10x Genomics, and PubMed to act as a collaborative scientific assistant focused on reliability and human partnership. The broader health AI landscape is evolving rapidly, with new guidelines, competitive AI scribe tools, and data showing healthcare providers leading adoption across the sector.
AI Adoption Accelerates in Healthcare
A new Menlo Ventures report shows healthcare now adopts AI at over twice the rate of other industries, with 22% of organizations deploying domain-specific tools—seven times more than in 2024. Driven by cost pressures, labor shortages, and rising patient expectations, hospitals and health systems are rapidly scaling AI to improve efficiency, documentation, and care delivery, marking a decisive shift from experimentation to transformation.
Biotech, Healthtech & Healthcare
Femtech and EU Compliance
Femtech apps that diagnose, monitor, or support conception may qualify as medical devices under the EU MDR, triggering strict pre- and post-market requirements. When these products also use AI, they can fall under the EU AI Act’s “high-risk” category -creating overlapping regulatory obligations that demand careful compliance to balance innovation with patient safety and data governance.
Cleveland Clinic and Khosla Ventures Announce Strategic Collaboration
Cleveland Clinic and Khosla Ventures have formed a strategic collaboration to enhance healthcare innovation, allowing Khosla-backed startups to access Cleveland Clinic clinicians for technology validation and adoption. The partnership focuses on AI, digital health, therapeutics, and innovative care delivery models, with plans for joint incubation of new companies.
Data Breach and Cybersecurity
Flo Health & Google Settle for $56M in Reproductive Privacy Settlement
Flo Health and Google agreed to a $56 million settlement resolving claims that the Flo app unlawfully shared sensitive menstruation and pregnancy data with third parties without user consent. The case underscores growing regulatory and legal scrutiny of consumer health apps, especially those handling reproductive data, under California’s strict privacy laws.
Podcasts
iliomad's News
🎉 We’re officially ISO 27001 certified! 🔐
We’re proud to announce that Iliomad has achieved ISO 27001 certification, the international gold standard for information security management.
This certification reflects our ongoing commitment to the highest standards of data protection, governance, and operational excellence — particularly in the sensitive field of health data and life sciences compliance.
This milestone is more than a badge — it’s a reaffirmation of our mission:
to help organizations in life sciences build in a compliant manner.
Sign up for our newsletter
We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
Data Protection Solutions For Life Sciences - Newsletter #31
November spotlight: global AI, privacy, and healthtech reforms driving stricter regulatory compliance worldwide.
Data Protection Solutions For Life Sciences - Newsletter #30
From EU courts to AI in healthcare, key insights shaping data protection.
Data Protection Solutions For Life Sciences - Newsletter #29
Our September newsletter is here — covering global regulations, AI breakthroughs in healthcare, cybersecurity threats, and the rise of wellness tech.
