Large Scale Data Collection By Health and Fitness Apps

There is a myriad of applications collecting personal health data around the globe. The types of data being accumulated by mobile health apps include sensitive health information through symptom checkers and health surveys. There are a wide range of apps covering virtually every aspect of human health from diet, addiction, sleep habits, psychological wellbeing and mindfulness, fitness, and even heart rhythm abnormalities can be monitored and recorded.

Nobody could argue against the undeniable benefits of giving people applications to help monitor their lifestyle and basic health status. This is clearly advantageous to some people, however, some of the sensitive health data being collected and stored should not be stored or even worse, passed on to third parties. ?

An example of a very popular fitness app is MyFitnessPal. This collects data such as name, age, weight, height, regularly consumed products, along with body mass index, heart rate, and fitness level. ?Generally, MyFitnessPal uses the types of data above to provide the user with the service they expect from the application although this is not always so clear-cut.

The issue of data collection gets more complex when we consider the techniques of data aggregation that are also available here. Where they let the user know that they might ‘obtain data from third parties to provide and improve services and for marketing and advertising. Many types of data can be aggregated and combined to provide a more detailed profile of an app user. In some cases, the more valuable data can be garnered by combining available data.?If the user is wearing a Fitbit device during the day, certain pieces of data could be obtained and cross-referenced with known data to create a more in-depth profile. This could then be used by marketing companies to try to sell directly to the user based on this profiling.??

The British medical journal carried out a comprehensive study of approximately twenty thousand health apps and found that approximately 90 percent are tracking users and collecting data.?A significant number of the health apps are not even complying with the Google Play store’s terms of service on the collection of user data.?More than a quarter of the applications had no privacy notice at all, according to The British medical journal study.

Tracking and profiling for the purposes of advertising are some of the most common occurrences. The data is available to third parties, such as marketing companies, who may be able to later target the user with tailored ads. Where consent is not fully given, and in some cases, there is either no consent or insufficient consent given by the user of the health app.?

Google did not remove any of the apps from the play store, but simply issued a statement reaffirming its rule that consent should be given by users before their data is used.?In the context of E.U citizens, the area of consent is codified by the General Data Protection Regulation. ?The user also has a right to be forgotten’, where data collected has to be erased where the user of the service withdraws consent.

So, in an era where the use of health apps is growing rapidly, what protections will be available to users who submit personal or sensitive health data? Even if the health app follows all privacy guidelines and obtains informed consent from the user, the issue of how securely the data is stored is a significant issue. Where data is exfiltrated or stolen, what recourse would people have against a health app provider? Under the EU General Data Protection Regulation, they have to have sufficient technical and organisational measures in place to protect health data. ?Huge fines could be levied on companies that flout this.

Is it feasible to imagine a future where governments and health insurance companies get full access to people’s health and lifestyle profiles? This type of granular data would be invaluable to private health insurers, who would use this profiling to reject people seeking private health policies, or increase prices based on unhealthy lifestyles. This type of intrusive surveillance could also come in the guise of the state collecting health data on citizens to classify individuals on their overall health. Where people are obsessively monitoring their own health and sharing it with apps, some of whom are allowing the information to be accessed by third parties, it is almost inevitable that private and sensitive data will be circulating online. ??