European Commission calls for privacy protection in mobile health technology
June 16, 2015
Mobile technology is revolutionising the healthcare market, offering opportunities to benefit the global population with a variety of healthcare needs, according to the European Commission’s data protection supervisor Giovanni Buttarelli. However, he said as a society we should take care to identify and support technology that first and foremost serves individuals and respects their choices. This should not only be technically feasible but also be ethically tenable and foster trust.
“We live in a world where our digital lives can be acutely analysed,” he said. “Today, the division between information about our health and information about the rest of our digital lives is disappearing: technology solutions allow devices and apps to connect the dots between different data about us such as location, nutrition and medical. We can put a lot of trust in technology companies to do the right thing with our personal information and to make our lives easier. But we need to have a critical debate about the uses of our personal information that are and are not acceptable to us and encourage developers to prioritise consumer trust over short term gains."
Better quality, low-cost health care is associated with advances in technology and offers significant benefits for patients, health authorities and businesses. Mobile health technology can be broken down into two categories: wellness (for consumers and patients) and medical (for physicians). Wellness and prevention are key in healthcare, he said.
Under current EU data protection rules, information about health enjoys a very high level of protection. But in the wellness market, it is not entirely clear what would constitute health information in practice. This is one of the areas that must be addressed, believes Buttarelli.
Big data are impacting mhealth in a big way. The potential to collect a huge amount of personal information – physiological, preferences, emotions and so on – and the potential to buy, sell and analyse it without the full knowledge and consent of the people concerned has to be addressed by industry and governments, and by consumers of these technologies, he said.
The ways and the purposes for which personal data are processed, shared and re-used must be made transparent, for instance through easy-to-read privacy policies that are highlighted rather than hidden away and a list from which users can actively choose to opt in or out.
Failure to deploy data protection safeguards will result in a critical loss of individual trust, leading to fewer opportunities for public authorities and businesses, hampering the development of the health market. To foster confidence, he said future policies needed to encourage more accountability of service providers and their associates, placing respect for the choices of individuals at their core and ending the indiscriminate collection of personal information and any possible discriminatory profiling. He wants to encourage privacy by design and privacy settings by default, and enhance the security of the technologies used.
The challenges of privacy engineering in mhealth technologies may be addressed within the Internet Privacy Engineering Network (IPEN), which provides a framework for cooperation between engineers, legal and regulatory experts. He said he would encourage the IPEN to do so. The IPEN brings together developers and data protection experts from regulators, business, civil society and academia to work together on privacy respecting solutions to practical problems.
“Technology is designed to work for us, not the other way around,” he said. “European society, our values and laws have been developed to protect and empower individuals, whether as citizens, users or entrepreneurs. We are not only consumers of goods and services. The dignity of future generations needs protecting. We need to debate and find solutions on how to stay connected on the move that also respect our privacy and personal identity.”
More people are taking a proactive role in checking or monitoring their health than ever before. The enhanced power of ubiquitous new computing devices is helping to drive this growth. But individuals should not only be empowered to be proactive over health, they should be empowered over their personal lives as a whole. Transparency, awareness and effective control over personal information all contribute to such empowerment.
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union. More specifically, the rules for data protection in the EU institutions are set out in Regulation (EC) No 45/2001.