Neha: Welcome back to our mini-series on IT legal risks! Today we're delving into Rahul's work at his former employer – a clinical trial platform provider. Rahul, we both know projects like DeepMind's NHS cooperation in 2017 showed how quickly data protection violations can escalate in AI health projects. How did you specifically address these risks?

Rahul: Good point, Neha. This exact case was an important precedent for us. For every AI implementation, we ensured patients were comprehensively informed about data processing through AI – not just generally, but specifically about algorithm use. This went far beyond standard consents.

Neha: Interesting! But data protection is only one aspect. With IBM Watson for Oncology, we saw how fragile trust in AI recommendations can be. How did you secure liability risks when AI systems overlook safety incidents?

Rahul: Excellent question. We triple-secured this: First through specific liability clauses with AI developers, second through special cyber insurance for AI errors, and third – crucially – indemnity regulations in trial contracts. This made sponsors liable if our platform operated correctly per protocol.

Neha: That reminds me of the Theranos scandal where regulatory compliance was grossly neglected. How did you reconcile medical device regulations like EU MDR 2017/745?

Rahul: Good analogy! We early on classified it as a medical device – similar to Viz.ai with their FDA-approved stroke detection AI. For diagnostic AI functions, CE marking according to Class IIa was mandatory. Without this clarity, authorities like EMA or FDA could have stopped our trials.

Neha: Fascinating! A listener recently asked about international data flows – keyword Schrems II. How could you guarantee GDPR-compliant data transfers?

Rahul: Through multi-layered safeguards: Standard contractual clauses, additional technical protective measures, and ethics approval before any data transfer. Particularly important was prior consultation with supervisory authorities under GDPR Article 36 for high-risk projects.

Rahul: Finally, I want to emphasize: The key lay in proactive communication with all stakeholders – from ethics committees to PEI. Only through this comprehensive compliance architecture could we combine innovation with legal security.

Neha: Thank you for these deep insights! Next week we'll analyze contract design in cloud infrastructure projects. Until then!

Read German Text here: https://docs.google.com/document/d/1oEspwKpwMcjlN5BkId5-KTNIs7pywqDbp8g1lYnU2fg/edit?usp=sharing