On Privacy Protection of Consumer Data Collected by e-Health Devices
DOI: https://doi.org/10.54820/entrenova-2023-0013
Keywords: GDPR, cloud services, e-health, smart-watches, IoT
Abstract
The non-certified e-health segment is gaining momentum around the world. The trend was significantly advanced by the introduction of several sports and medical measuring devices in the form of smartwatches. There has also been a resurgence of other medical Internet of Things class devices. Several devices connect to a product or platform-specific online (Cloud) service for storing, exchanging, analysing and monitoring the customer-collected e-health data. The devices and the data collected allow consumers to continuously track their sports achievements, movement, vital signs, essential health state, etc., while receiving some recommendations and warnings based on the measurements. As some recent examples showed, the data collected can contain sensitive information that could be used creatively and unexpectedly, either positively or negatively. Unlike professional healthcare systems, which should comply with the strict GDPR, there is much less pressure on commercial entities in the consumer technological sector to provide more privacy options for data collection through their devices. In this work, we analyse the data typically collected by consumer e-health devices and assess possible risks that commercial entities present to their customers through unauthorised use of the data for their own commercial advancement. These entities use obscure legal language to prevent users from consenting to various data usages while providing primary data storing functionality. Moreover, there is a significant risk of using the data for repression in some contexts. We analyse the sector's current state and provide some recommendations to consumers and legislation to improve consumer rights to privacy while enhancing their health. At the same time, we recommend how the professional health sector should benefit from the collected data to improve their operations.
Copyright (c) 2024 Vladimir Stanisavljevic, Bruno Tekić Sauerborn
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.