Legal Guidance and Research / Experts / Francesca Blythe
Francesca Blythe#454

Francesca Blythe

Sidley Austin
FRANCESCA BLYTHE advises international clients on a wide range of data protection, privacy, cybersecurity, and emerging technology issues. She has in-depth experience across multiple industries, including asset management and private equity, payments, technology, retail, e-commerce, and manufacturing. Francesca has a particular focus on life sciences, where she advises on a broad range of issues in relation to clinical studies/investigations, secondary research, digital health, and use of novel technologies (including artificial intelligence). Francesca co-leads Sidley’s benchmarking group for in-house data privacy professionals (dplegal) in the life sciences sector.

Francesca was previously in-house counsel at the largest international health and beauty retailer in Asia and Europe. While there, she regularly gave advice on compliance and strategies relating to data protection laws and assisted in the planning and delivery of a global privacy compliance project.

Practice Area

Panel

  • Contributing Author

Qualified Year

  • 2008

Membership

  • WIP
  • IAPP (International Association of Privacy Professionals)

Qualifications

  • LLB (2008)
  • Graduate Diploma in Law (2009)

Education

  • University of Nottingham, B.Sc. (2008)
  • BPP University Law School (2009)

2 Contributions by Francesca Blythe

Clinical research data protection under UK and EU GDPR: DUAA 2025 updates, lawful bases, transparency, secondary use, data sharing, international transfers, safeguards, rights exemptions, and practical checklist
PRACTICE NOTES
Clinical research data protection under UK and EU GDPR: DUAA 2025 updates, lawful bases, transparency, secondary use, data sharing, international transfers, safeguards, rights exemptions, and practical checklist
Data—and by extension, adherence to data protection rules—sits at the heart of clinical research, whether for clinical trials, pharmacovigilance activities or wider scientific inquiry. This Practice Note examines the data protection ramifications of running clinical research. In particular, it addresses who is accountable for compliance, the lawful bases relied upon, and how transparency should be delivered in this context... Allocation of responsibility for data protection compliance in clinical research Appropriate legal grounds for processing personal data for research purposes Transparency duties owed to participants and other data subjects Collaborative research arrangements and data sharing practices Derogations from data subject rights when processing for research A practical checklist of data protection points to consider when planning research activities The GDPR regimes On 25 May 2018, the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) became directly applicable and enforceable across all EU Member States and the EEA (the EU plus Iceland, Norway, and Liechtenstein), including the UK at that time, replacing Directive 95/46/EC (the Data Protection Directive). On 31 January 2020, the UK left the EU and EEA and, as a result, the EU GDPR ceased to apply under UK law from the end of the Brexit implementation period...
Life Sciences
mHealth apps: UK and EU GDPR and ePrivacy compliance on special category health data, consent, transparency, controller and processor roles, privacy by design/default, secondary use, sharing, security and enforcement
PRACTICE NOTES
mHealth apps: UK and EU GDPR and ePrivacy compliance on special category health data, consent, transparency, controller and processor roles, privacy by design/default, secondary use, sharing, security and enforcement
Developers, manufacturers and distributors in digital health—spanning mHealth apps and any associated Software as Medical Device (SaMD), artificial intelligence (AI) system or Artificial intelligence as a Medical Device (AIaMD)—must meet stringent data protection regulations in tandem with regulatory compliance across the entire lifecycle, from development through to commercialisation This Practice Note concentrates on data protection and privacy issues for mHealth (mobile health) and also considers the tighter safeguards governing the collection of an individual user’s health data. It does not cover broader life sciences regulatory matters, such as those relating to medical devices What is mHealth? For related guidance, see: Practice Note: Digital health—regulation of mHealth apps and medical software. Practice Note: Mobile app development and data protection. Practice Note: Digital health—data protection and privacy case studies, including wearables and AI diagnostic tools...
Life Sciences
Expert page AD
If you expected to see yourself on this page, click here.