The Internet of Things is fast becoming a familiar feature of everyday life. Nowhere is this more apparent than in the health sector. The ubiquity of smartphones, tablets, sensors, wearables, personal trackers and similar wireless smart devices means that huge volumes of data concerning health, fitness, lifestyle, stress and sleep are being harvested and processed. This demand for services and products is feeding an enormous growth in mobile health apps (“mHealth apps”). A 2015 report commissioned by iMedicalApps estimated that 165,000 mHealth apps were then available. A separate report estimates that the Mobile Health (“mHealth”) sector will become a USD 59 billion market by 2020.

This new marketplace is certain to offer commercial opportunities for app developers, healthcare providers and health insurers, but it also presents several challenges. In particular, there are important data privacy implications where personal data relating to individuals’ health and well-being is collected and processed on such a large scale. At present there is little harmonisation, whether by accident or design, across EU member states in terms of the data protection legislation governing this sector. The European Commission has acknowledged this legal fragmentation and in July 2016 proposed a ‘Code of Conduct on privacy for mHealth apps’ (the “Code”). This article provides an overview of the key features of the Code.