Healthcare

Setting the standard for the sale and supply of digital content, services and goods in the digital health world

By Sean O’Reilly and Kate Murphy
10 February 2021

On 26 March 2019, the European Parliament adopted two key directives as part of the EU’s Digital Single Market Strategy, namely, Directive (EU) 2019/770 on certain aspects concerning contracts for the supply of digital content and digital services (the “Digital Content Directive”) and Directive (EU) 2019/771 on certain aspects concerning contracts for the sale of goods (the “Sale of Goods Directive”). Member States, including Ireland, are required to transpose both directives by 1 July 2021 and to apply those transposition measures from 1 January 2022. The provisions of the Digital Content Directive will apply to the provision of digital services and digital content which occur from 1 January 2022 with the exception of provisions regulating the modification of digital content or services and permitting traders to pursue others in the supply chain. The latter provisions will only apply to contracts concluded after 1 January 2022.  The Sale of Goods Directive will not apply to contracts concluded before 1 January 2022.  

We examine how these directives will affect the way in which we receive and provide health and care goods and services in the context of digital health.  

The Digital Content Directive ((EU) 2019/770)

The Digital Content Directive aims to harmonise certain key rules on the supply of digital content and digital services. The Digital Content Directive applies to any contract where a trader supplies digital content (to include computer programmes and mobile applications, as well as video and audio files in digital form) or digital services (to include services which allow the creation of, processing of, accessing or storage of data in digital form) to the consumer, who is defined in the directive as being “any natural person who, in relation to contracts covered by this Directive, is acting for purposes which are outside that person's trade, business, craft, or profession”, and the consumer pays or undertakes to pay a price. It also applies when the consumer does not pay a price but provides or undertakes to provide personal data to the trader, unless the personal data provided are only processed for the purpose of supplying the digital content or digital service or for the trader to comply with legal requirements.

Articles 3(4) and 3(5) of the Digital Content Directive identify digital content and digital services to which the Directive will not apply. Amongst these are contracts with respect to “healthcare”, which is defined in another directive as “health services provided by health professionals to patients to assess, maintain or restore their state of health, including the prescription, dispensation and provision of medicinal products and medical devices”[1]. 

However, the Digital Content Directive will apply to any digital content or digital service that constitutes a medical device, such as health applications, that can be obtained by the consumer without being prescribed or provided by a health professional. Therefore, it seems likely that the Digital Content Directive will capture many health and wellness apps that can be accessed on the various app stores.

Article 7 of the Digital Content Directive sets out subjective standards that digital content or digital services must meet, to include: 

  • fit the description, quantity and quality, and having other features such as functionality, compatibility, interoperability, as required by the contract;
  • be fit for the purpose agreed as part of the contract process; 
  • be supplied with all accessories, instructions and assistance as required by the contract; and
  • be updated as stipulated by the contract.

Article 8 of the Digital Content Directive provides for objective standards of conformity, so that in addition to complying with any subjective requirement for conformity, the digital content or digital service shall:

  • be fit for the purposes for which digital content or digital services of the same type would normally be used;
  • be of the quantity and possess the qualities and performance features, including in relation to functionality, compatibility, accessibility, continuity and security, normal for digital content or digital services of the same type and which the consumer may reasonably expect, given the nature of the digital content or digital service; 
  • be supplied along with any accessories and instructions which the consumer may reasonably expect to receive; and
  • comply with any trial version or preview of the digital content or digital service, made available by the trader before the conclusion of the contract.

Article 11 makes provision for the liability of a trader in circumstances where the trader fails to supply the digital content or digital service, or for any lack of conformity of the digital content or digital service that exists at the time of supply, and differentiates between a single act of supply or a series of individual acts of supply, as follows:

  • where a contract provides for a single act of supply or a series of individual acts of supply, the trader shall be liable for any lack of conformity under Article 7 (subjective requirements for conformity), Article 8 (objective requirements for conformity) and Article 9 (incorrect integration of the digital content or digital service) which exists at the time of supply, without prejudice to point (b) of Article 8(2), which provides that the trader shall ensure that the consumer is informed of and supplied with updates that are necessary to keep the digital content or digital service in conformity, for the period of time that the consumer may reasonably expect given the type and purpose of the digital content or digital service and taking into account the circumstances and nature of the contract, where the contract provides for a single act of supply or a series of individual acts of supply. If, under national law, the trader is only liable for a lack of conformity that becomes apparent within a period of time after supply, that period shall not be less than two years from the time of supply, without prejudice to point (b) of Article 8(2);
  • where the contract provides for continuous supply over a period of time, the trader shall be liable for a lack of conformity under Article 7 (subjective requirements for conformity), Article 8 (objective requirements for conformity) and Article 9 (incorrect integration of the digital content or digital service), that occurs or becomes apparent within the period of time during which the digital content or digital service is to be supplied under the contract. 

Importantly, Article 12 provides for circumstances in which the onus of proof of conformity will rest with the trader.

The Digital Content Directive also sets out remedies available to the consumer for any lack of conformity. In such circumstances, the consumer shall be entitled to have the digital content or digital service brought into conformity, to receive a proportionate reduction in the price, or to terminate the contract, subject to limitations set out in Article 14. 

The Digital Content Directive provides that where a contract for the supply of digital content or digital service is terminated, traders must comply with the personal data obligations of Regulation (EU) 2016/679 (General Data Protection Regulation). 

The Sale of Goods Directive ((EU) Directive 2019/771)

The Sale of Goods Directive will apply to contracts for the sale of goods, including goods with digital elements. The Sale of Goods Directive is intended to complement the Digital Content Directive. For instance, if a consumer purchases a smart phone the Sale of Goods Directive will apply, and if the consumer subsequently downloads an application from an app store onto the smart phone, the Digital Content Directive will apply, where certain conditions are met. While the Sale of Goods Directive does not necessarily apply to digital health directly, it will apply to goods with digital health elements, such as a fitness tracker.

The Sale of Goods Directive aims to ensure proper functioning of the internal market, while providing consumers with a high level of protection. It does so by laying down certain common rules on sales contracts between sellers and consumers, pertaining to conformity of goods, remedies and commercial guarantees. 

The Sale of Goods Directive is intended to enhance consumer rights where a good has a digital element. For instance:

  • sellers must inform and supply the consumer with all updates needed to keep them in conformity with the requirements set out in Article 6 (subjective requirements for conformity), Article 7 (objective requirements for conformity) and Article 8 (incorrect installation of the goods) of the Sale of Goods Directive, for the duration that the consumer may reasonably expect, unless the digital element of the goods is supplied continuously, in which case updates should be provided throughout the period of supply; and 
  • sellers are liable for any lack of conformity which becomes apparent within two years of delivery, unless the digital element is to be supplied continuously for more than two years, in which case the seller is liable throughout the period of supply.

The Sale of Goods Directive therefore gives the sale of goods and supply of services a grounding in the digital world.

Application of the Directives to Digital Health 

Digital health is an area in which consumers demand a high standard of protection and comfort due to the sensitivity of the data utilised by the content and services in that space. In addition to the foregoing directives which aim to ensure better access for consumers to digital content and digital services, and to make it easier for businesses to supply same, further developments would be welcome in the context of digital health.  

The European Commission has been facilitating an industry-led Code of Conduct on mobile health apps (the “Code”), covering the topics of privacy and security[2]. The objective of the Code is to foster citizens' trust in mHealth apps, raise awareness of and facilitate compliance with EU data protection rules for app developers. The Code has not yet been approved by the European Data Protection Board and the European Commission is working with industry stakeholders to encourage the further development of the Code. 

The publication of the Code will be a welcome development for digital health, as it will provide easily accessible guidance on how European data protection legislation should be applied in relation to mHealth apps.

Conclusion 

It will be interesting to see if the Digital Content Directive and the Sale of Goods Directive strike a good balance between encouraging innovation in the digital health space and the protection of consumers.

This is an area likely to be developed further, particularly in light of recent commentary around digital health passports and other Covid-19 measures, which are expected to be high on the agenda of member states going forward.  

For more information on the content of this insight please contact:
Sean O’Reilly, Partner | E. sean.oreilly@rdj.ie | T. +353 21 2332822

[1] https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2011:088:0045:0065:EN:PDF

[2] https://ec.europa.eu/digital-single-market/en/privacy-code-conduct-mobile-health-apps#:~:text=The%20Privacy%20Code%20of%20Conduct,to%20it%20in%20the%20future

 

Letter footer for printed documents
© 2021 Ronan Daly Jermyn
Web design by Granite Digital
Sign up to our newsletter