Abstract
This paper examines the requirements and responsibilities in public procurement of advanced information and communications technology (ICT) used in the provision of effective and safe healthcare to elderly citizens. It explores the utility of Article 25 "Data Protection by Design and by Default" (DPbDD) in the EU's General Data Protection Regulation (GDPR) as a regulatory mechanism in the balancing exercise of competing interests to patient health and safety on one side and privacy on the other.