On Privacy Protection of Consumer Data Collected by e-Health Devices

Abstract

The non-certified e-health segment is gaining momentum around the world. The trend was significantly advanced by the introduction of several sports and medical measuring devices in the form of smartwatches. There has also been a resurgence of other medical Internet of Things class devices. Several devices connect to a product or platform-specific online (Cloud) service for storing, exchanging, analysing and monitoring the customer-collected e-health data. The devices and the data collected allow the consumers to continuously track their sports achievements, movement, vital signs, essential health state, etc. while receiving some recommendations and warnings based on the measurements. As some recent examples showed, the data collected can contain sensitive information that could be used creatively and unexpectedly, either positively or negatively. Unlike professional healthcare systems, which should comply with the strict GDPR, there is much less pressure on commercial entities in the consumer technological sector to provide more privacy options for data collection through their devices. In this work, we analyse the data typically collected by consumer e-health devices and assess possible risks that commercial entities present to their customer in unauthorised use of the data for their commercial advances. They use obscure legal language to prevent users from consenting to various data usages while providing primary data storing functionality. Moreover, there is a significant risk of using the data for repression in some contexts. We analyse the sector's current state and provide some recommendations to consumers and legislation to improve consumer rights to privacy while enhancing their health. At the same time, we recommend how the professional health sector should benefit from the collected data to improve their operations.