There are other legal regimes that may govern digital health software, including Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”):
- rules for processing personal data.
Act of 18 July 2002 on Electronically Supplied Services (“ESS Act”):
- obligations of the service provider relating to Electronically Supplied Services, rules for exempting the service provider from liability for Electronically Supplied Services, rules for protecting personal data of natural persons using Electronically Supplied Services.
Act of 16 July 2004 – Telecommunications Law (“Telecommunications Law”):
- in particular with respect to storing of or gaining access to information already stored in the telecommunications terminal equipment (e.g., smartphone) of a subscriber or end user.
Act of 4 February 1994 on Copyright and Related Rights (“Copyright Act”):
- in principle, computer programs have the same protection as literary works; and
- economic rights belong to employer of the author, unless agreement between them states otherwise.
The Act on the National Cybersecurity System of 5 July 2018 (“Cybersecurity Act”):
- Healthcare sector entities may be covered by the obligations set out by the Cybersecurity Act, including those related to cybersecurity risks and incident management, e.g., to implement appropriate security and organisational measures. In consequence, such obligations may influence indirectly digital health software providers operations.
The Act of 6 November 2008 on Patient’s Rights and on the Patient Ombudsman (“Act on Patient’s Rights”),
- The Act on Patient’s Rights sets out the rules of outsourcing that apply to healthcare entities in addition to those stemming from the GDPR. Given that digital health software providers may be considered as data processors, they could be contractually obliged to comply with those requirements.
As a side note, certain aspects of digital health software may be governed by the Polish Act on Competition and Consumer Protection. This act may apply, in particular, where digital health software is designed in such a way that it requires consumers to give access to their data, e.g., phone book, camera, exact location, making it a necessary condition to download the software. In addition, it is often the case that the software providers use the acquired data in unspecified or unknown ways.
Pursuant to Polish law, undertakings are obliged to provide consumers with reliable, truthful and comprehensive information on the products and services sold. In the case of digital health software, consumers should be provided with clear information about which parts of their data will be used and how. More importantly, consumers should be informed of this fact prior to downloading the app.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.