European Data Protection Supervisor publishes opinion paper highlighting privacy priorities in mHealth
Europe’s leading official on data protection has warned that mobile healthcare technology will have implications for privacy, and that there is a need for more transparency and clarity over health information in the market for consumers and patients.
Giovanni Buttarelli (pictured), the European data protection supervisor (EDPS), has sounded the warning in a formal opinion on mobile health (mHealth), drafted in response to concerns over the way personal data could be used in relevant solutions.
It comes at a time when the NHS and health services throughout Europe are taking steps to increase the use of mobile technology in providing care. The opinion is not a legally binding document, but it provides guidance which the EU expects to provide the basis for national regulations in member states.
It says that mHealth solutions should be ethically tenable and encourage trust as well as being technically feasible. But the market is complicated because many public and private operators are active and their business models are continuously shifting as they experiment.
This could create threats to privacy, and the EU and its member states need to take steps to minimise any dangers.
Patient information question
One is to look at the issue of what constitutes health information in the market for consumers and patients. Under existing EU data protection rules information about health is subject to a high level protection, and it has to be clear exactly what data is covered by the rules.
There is also a need for privacy policies around the technology to be transparent and easy-to-read. The EDPS says the policies should be highlighted with a list for opting in or out rather than hidden away.
It also proposes that:
- the EU legislator should encourage the accountability of healthcare app providers;
- devices and apps should have privacy and data protection settings embedded in their designs;
- big data in mHealth should not be used for potentially harmful practices such as discriminatory profiling;
- legislators should encourage privacy by design by default.
The EDPS has also encouraged the Internet Privacy Engineering Network, which brings together developers and data protection experts, to test best practices and new solutions.
Buttarelli said: “Today, the division between information about our health and information about the rest of our digital lives is disappearing: technology solutions allow devices and apps to connect the dots between different data about us such as location, nutrition and medical.
“We can put a lot of trust in technology companies to do the right thing with our personal information and to make our lives easier. But we need to have a critical debate about the uses of our personal information that are and are not acceptable to us and encourage developers to prioritise consumer trust over short term gains."
Picture courtesy of EDPS.