The European Data Protection Supervisor, Giovanni Buttarelli, has published an opinion on mobile health (m-health) (1/2015) which highlights the most relevant data protection implications for m-health, explores ways in which to integrate data protection requirements into the design of m-health apps and considers the implications of the draft Data Protection Regulation on this rapidly growing sector.

Among his recommendations, Buttarelli says that the EU legislator should foster accountability and allocation of responsibility of those involved in the design, supply and functioning of apps, and enhance data security by encouraging privacy by default and privacy by design principles. App designers must take the sensitive nature of health data into account and should empower users by increasing transparency and the level of information provided to them about the processing of their data and avoid collecting more data than is needed, by embedding privacy and data protection settings in the design and by making them applicable by default. Further, industry should use Big Data for purposes that are beneficial to individuals, like medical research, and avoid using them for practices that could cause them harm, like discriminatory profiling for employment or insurance purposes (see Practice note, Big data and data protection).

In 2015, the Article 29 Working Party clarified the scope of the definition of health data in relation to lifestyle and wellbeing apps (see Legal update, Article 29 Working Party clarifies health data definition in lifestyle and wellbeing app context). The draft Data Protection Regulation will introduce new guiding principles and rules in the context of m-health and, in particular, a definition of "data concerning health" (see Practice note, EU data protection proposals: analysis and noter-up).

Source: EDPS Opinion 1/2015 Mobile Health, 21 May 2015.