Our Priorities

Privacy, Liability and Collective Redress

MedTech Europe engages with members and EU stakeholders on key topics such as privacy, liability and collective redress. This engagement stems from the fact that medical technology companies doing business in Europe are subject to, and comply with, a host of legislation.


The above-mentioned legislation covers the safety and performance of medical technology (i.e. the Medical Devices Regulation and the In Vitro Diagnostic Regulation) as well as market surveillance legislation more generally, including the General Data Protection Regulation (GDPR), the Product Liability and Artificial Intelligence Liability Directives, as well as the Representative Actions Directive. The latter rules are European Union (EU) ‘horizontal’ rules, and not sector-specific.

In view of this matrix of rules, as well as the companies’ commitment to the highest standards of product safety, security and data protection, it is important to ensure consistency of these rules to foster medical technology innovation and access to safe and effective medical technologies in the EU.

Privacy and Data Protection

The medical technology industry is committed to the highest standards when processing or handling sensitive data, such as patients’ personal data. 

MedTech Europe recognises and supports the General Data Protection Regulation (GDPR), which came into effect in 2018, aiming to modernise and improve personal data protection in the European Union. Even before the overhaul of data protection rules in the EU, the medical technology industry was committed to applicable data protection laws ensuring the confidentiality of patient data.

For research, the industry follows several standards that are frequently referenced in regulations around the world, such as Good Clinical Practice, the Declaration of Helsinki, and several ISO standards.

MedTech Europe recognises the GDPR as an essential step towards a greater harmonisation across EU member states within the Digital Single Market, intending to provide enhanced transparency, trust, and citizen empowerment. GDPR compliance must be a tool for achieving a greater quality of healthcare ensuring both the protection of privacy and the advancement of innovation in health and medical technologies.

It is essential that the GDPR and other national privacy laws safeguard individuals’ health data without creating significant logistical and practical hurdles for the use of this data for the purposes of research and development of innovation.

  • Data Anonymisation


    How to ensure GDPR compliance in research is one of the key priorities for medical technology companies. The reason for this is that research relies on patients’ health data. However, what “research” comprises, and how the GDPR needs to be applied when doing research as a medical technology company, is still an open question. Where guidance exists, it focuses on clinical trials of investigational medicine, and research conducted by a company in the sector can be different.

    In view of the industry’s strong history of research, delivering major advances in patients’ care and outcomes as well as greater efficiency in healthcare, it is essential to clarify and harmonise GDPR rules around the topic of research. As such, MedTech Europe hopes to provide constructive feedback and experience to support this goal.

  • International Data Transfer


    Medical technologies include products, services or solutions used to save and improve people’s lives. Products can range from disposables, diagnostics, capital equipment and surgical innovations, used in a care setting, to implant technology, biomaterials and connected health IT such as eHealth, mHealth, human genome decoding, disease prediction, biobanks, biomarkers and many more. These products and solutions often rely on collecting, analysing and sharing health data to understand diseases better and treat them as part of an efficient and effective healthcare system.

    The continued ability to transfer patient-related data within and outside of the European Economic Area (“EEA”) is critical to several areas:

    • research and development of new medical technologies,
    • monitoring the safety and effectiveness of existing products on the market, and
    • providing support services for medical technologies currently in use.

    Beyond the need to transfer patient data, medical device companies that operate globally need to be able to transfer a range of data concerning healthcare professionals, researchers, support technicians, employees, and others. The continuity of Research & Development and healthcare services provided by the global pharmaceutical and medical device industries depends upon these transfers. Any abrupt changes to the ability of these companies to transfer data outside of the EU will have significant operational impacts.

    Today’s pressing health concerns require global, concerted efforts to find safe and effective solutions. The COVID-19 global pandemic has highlighted the importance of global cooperation to address the threats posed to life, well-being, and economic prosperity by diseases and pathogens. There is an acute need to transfer data worldwide to speed the discovery and development of new life-saving and life-enhancing medical technologies.

    Some examples which involve data transfers include:

    • Healthcare delivery
    • Remote patient monitoring
    • Remote service
    • Patient-customised treatments

Liability & Collective Redress

Fair, balanced and effective civil justice systems in Europe need to (1) allow consumers who have a legitimate grievance to be compensated and, at the same time (2) provide certainty as well as transparent and workable rules for businesses. There are:

  • Procedural rules, in particular (but not limited to) the Directive on Representative Actions, which provides the European framework for EU consumers to collectively seek redress and aims to create equal access to redress in all member states.
  • Substantive rules, in particular (but not limited to) the European Product Liability Directive and the draft European Artificial Intelligence Liability Directive. A stable and harmonised liability regime at EU (and national) level(s) is crucial to provide effective consumer protection and compensation and a better environment for healthcare innovation.

