26.05.2015

EDPS: Mobile Health - Reconciling technological innovation with data protection

European Data Protection Supervisor, Opinion 1/2015 - Mobile Health [pdf], Reconciling technological innovation with data protection; from the Executive Summary:
[...] The development of mHealth has great potential for improving healthcare and the lives of individuals. In addition, Big Data, together with the "Internet of Things" is expected to have a significant impact on mHealth because of the volume of information available and the quality of inferences that may be drawn from such information. It is expected to provide new insights for medical research and it might also reduce costs and simplify patient´s recourse to healthcare.
At the same time, it is necessary to protect individuals’ dignity and fundamental rights, particularly those of privacy and data protection. The wide use of Big Data can reduce users´ control over their personal information. This is partly due to the huge unbalance between the limited information available to people and the extensive information available to entities which offer products involving the processing of this personal information. We believe that the following measures relating to mHealth would bring about substantial benefits in the field of data protection:
  • the EU legislator should, in future policy making measures in the field of mHealth, foster accountability and allocation of responsibility of those involved in the design, supply and functioning of apps (including designers and device manufacturers);
  • app designers and publishers should design devices and apps to increase transparency and the level of information provided to individuals in relation to processing of their data and avoid collecting more data than is needed to perform the expected function. They should do so by embedding privacy and data protection settings in the design and by making them applicable by default, in case individuals are not invited to set their data protection options manually, for instance when installing apps on their smart devices; 
  • industry should use Big data in mHealth for purposes that are beneficial to the individuals and avoid using them for practices that could cause them harm, such as discriminatory profiling; and 
  • the legislator should enhance data security and encourage the application of privacy by design and by default through privacy engineering and the development of building blocks and tools. [...]
See also EDPS' press release.