eHealth and fitness/wellness apps are being investigated and potentially sanctioned by the Italian data protection authority, which found half of them not compliant with applicable privacy laws.
I have already discussed in this post the potential data protection issues affecting eHealth applications. However, this is the first time that the Italian data protection authority has made a strong move against their lack of compliance with privacy regulations. Indeed, as part of the initiative named Privacy Sweep 2014 undertaken by the Global Privacy Enforcement Network (GPEN), the international network aimed at enhancing cooperation between data protection authorities, 1,200 applications were reviewed and 59% of them were found to operate in breach of data protection laws.
Issues identified in eHealth/wellness apps
The lack of compliance was because, through such eHealth/wellness applications:
- An adequate privacy information notice compliant with applicable data protection laws is not available at the time of installation, or only very generic information is provided, a practice not in line with the requirements imposed by data protection laws;
- The volume of personal data requested from users is excessive compared to the services provided, and 3/4 of the applications reviewed require consent to the processing of:
  - localization data,
  - device ID data,
  - other accounts data,
  - video recording functionalities and
  - contact lists.
- The size of the privacy information notice is not adapted to the reduced size of the screen, which makes it almost unreadable, or the privacy information notice is placed in the section of the app dedicated to technical specifications.
Possible actions against eHealth/wellness apps
The Italian data protection authority is considering the next steps to be taken against such eHealth and wellness applications, with a view to adopting potential sanctions against them. This practice is also part of the monitoring activity that will be run through the consultation on mobile health launched by the European Commission.
Additionally, if the above-mentioned eHealth and wellness applications process health-related personal data, the data protection compliance obligations and potential sanctions will further increase. And this is not an issue relevant only to European companies, since US or Asian companies offering their applications to European users must also comply with the above-mentioned obligations.
Finally, as mentioned in this post, with the growth of wearable technologies, data protection and regulatory obligations might become more stringent. And don't forget to join me at the webinar on legal issues of the Internet of Things, wearable technologies and eHealth, where some of these issues will be covered.
Hopefully, a more flexible approach will be adopted in the future by data protection authorities.