FemTech investments increase – but privacy is key

Recent figures show that venture capital (VC) funds have invested almost $4.9bn into software and services targeting women’s health in the last three years, an almost 75% increase on the three years prior. This is encouraging but there was, and still is, a long way to go.

Reports like The Rose Review highlight that female-founded startups face significant challenges raising investment from VCs, where investment committees are dominated by men.

The British Business Bank’s annual Investing In Women Code Report 2023-investing-in-women-report.pdf said ‘female investors remain under-represented on investment committees with an average of just 32% female representation in VC investment teams and 24% on investment committees.’

When a female founder pitches an idea focused on women’s health, having an audience that understands the idea is crucial.

But it’s not just the investment audience which can be a challenge to FemTech entrepreneurs.

Data compliance is key

Recent investment challenges faced by FemTech companies, including period tracking apps, show that data and compliance issues can be a barrier to growth if not handled properly.

Regulations about processing health data, known as ‘special category data’ under UK data protection laws, are complex. The US trade commission’s investigation of Flo suggests that many start-ups may lack the knowledge of how to handle personal data properly.

Special category data has additional protection under data protection laws. Businesses using this data must make sure:

1) they have a lawful reason to process it;

2) they are clear and transparent about their data processing activities;

3) they are clear about who has access to the data and have written agreements in place; and

4) they have appropriate technical and security measures in place to protect the data.

Essentially, high risk data comes with a high regulatory burden.

While relevant for FemTech companies, the data regulation burden applies to any early-stage company with competing priorities and limited resources. Privacy can, wrongly, be treated as an afterthought or seen as a tick-box exercise to be dealt with ‘down the line’, but it couldn’t be more central to companies processing personal data or sensitive personal information as part of their core business model. Investors are increasingly alive to the risks of non-compliance.

How to navigate data obligations as a founder

Privacy law requires companies to adopt a ‘privacy by design and default’ approach. Privacy and data protection must be addressed at the outset and weaved it into every part of the organisation, from designing and building the tech, to choosing trusted third parties who will have access to the organisations’ information, not forgetting staff culture.

A good starting point is to map out the company’s data processing activities – a simple ‘what’, ‘why’, ‘who’, ‘where’, and ‘when’. This doesn’t need to be overly legal but helps to bring privacy to the fore.

Another starting point is to consider whether, as is likely, consent is needed to process health data and how that consent journey might look. The UK’s data protection regulator has guidance for small organisations to help them with basic privacy principles.

In a landscape where cyber-attacks are increasingly prevalent, and the market is saturated with consumer-facing tech, trust is paramount. A data breach or regulatory action can be devastating for a company’s reputation.

If you are a looking to start up or scale up your FemTech business, or want help in navigating data and privacy laws, our specialists are happy to help.