The EDPS looks at data protection issues in m-health.
What's the issue?
From lifestyle and wellbeing apps to apps which monitor and regulate medication, the benefits of mobile health (m-health) are fast becoming apparent and the sector is developing rapidly. Many of these apps process personal data, often sensitive personal data and, as such, must comply with applicable data protection law.
What's the development?
In March 2015, we reported on the Article 29 Working Party's clarification on what constitutes health data in the context of apps and devices. Now the European Data Protection Supervisor (EDPS) has published an Opinion on 'Mobile Health – reconciling technological innovation with data protection'. The Opinion is aimed at all stakeholders including app developers, app stores, device manufacturers and advertisers.
Chief among the recommendations of the EDPS are:
- the EU legislator should, when making future policy, foster accountability and allocation of responsibility of those involved in the design, supply and functioning of apps;
- app designers and publishers should use privacy by design and by default, designing products in such a way as to increase transparency and avoiding collecting more data than required to perform the expected function;
- Big Data collected from m-health should only be used to the benefit of the individuals. Practices like profiling, which might be detrimental, should be avoided;
- The legislator should enhance data security and encourage the application of privacy by design and default.
What does this mean for you?
The EDPS does not say anything particularly new or radical in this Opinion but follows the general trend towards the concepts of embedded privacy as the default installation. The emphasis is on user transparency and control and ensuring that data is not used for wider purposes than provided. The EDPS acknowledges the potential value of Big Data in the health sector provided it has a positive impact, or at least no negative impact, on the individuals concerned. The Opinion also sets out particular applications of data protection to m-health and is a useful guideline in that respect. It also looks forward to the probable impact the General Data Protection Regulation will have in this sector.
Download will be focusing on Connected Health in July.