mHealth and the risks of processing personal data

Back to articles

11 September, 2014

The use of mobile applications has increased considerably over recent years and the coming years also look promising for the app industry. However, the increasing use of apps goes hand in hand with privacy concerns of using such apps.

A particular area of interest within the app-industry is the development of mobile health applications (mHealth apps), which has grown over the years. The European Commission intends to promote this growth, since mHealth apps can be a huge benefit to their users and support the health sector. The European Commission therefore holds a public consultation on the Green Paper for Mobile Health. Additionally, the European Commission will make €95 million available for funding of mHealth projects over the next two years.

However, there is always one question coming back with regards to mobile applications: how will the app developer take into account the protection of personal data in the application?

In most apps, personal data is being processed. Personal data is any data that directly or indirectly traces back to an individual. This includes for example name and address of the data subject, as well as contact information, location data or credit card information. In mHealth apps, the processed data is often sensitive information. Data concerning health or physical characteristics of people is by nature sensitive and therefore requires additional protection. The more sensitive the data that is processed in an application (for example, data about health or religion), the stricter rules regarding privacy will apply.

Non-compliance with privacy legislation is an increasing risk for app developers. Particularly with regard to enforcement by regulatory bodies, data protection risks are becoming more significant in anticipation of the EU Regulation on data protection. Several countries are currently reviewing their policy with respect to privacy protection. In the Netherlands, for example, the local DPA will be able to impose fines up to €450,000 per violation, following a recent amendment proposal to the law on data protection.. In addition to the risk of incurring a fine, organisations also risk reputation damage. More and more consumers are aware of their privacy when using mobile applications . When user privacy is compromised and the organisation did not comply with applicable privacy laws and regulations, consumer trust in the product or service will be lost or severely damaged, which may reflect on the organisation as a whole.

Prior to the development of the app, it is therefore recommended to investigate the privacy aspects of the idea. This will help the organisation to gain insight in the privacy risks that come with the finished product. Performing a Privacy Impact Assessment (PIA) is a practical way to map data flows, privacy risks and opportunities to improve data processing or mitigate compliance risks. By conducting a PIA, the organisation is also adhering to the principle of ‘privacy by design’, a concept that will be a mandatory requirement in the upcoming European Data Protection Regulation. Privacy by Design is meant for developers and manufacturers. They are expected to take privacy as early as the design process into account.

Are you an app developer and do you want to make your position known in the consultation? You can do so through a position paper. The consultation is open until July 3, 2014. For more information on this topic or for advice on performing a Privacy Impact Assessment, please do not hesitate to contact Considerati.

– See more at:

Jonathan Toornstra

Legal Consultant

Related blogs

Evert de Pender New CEO PrivacyPerfect

PrivacyPerfect launches world’s first data-mapping tool for privacy...

Read more

What to expect from privacy in 2014

2013 was a tumultuous year with regards to privacy. But what can we expect in 2014? Has the privacy...

Read more

Like to be emailed about Considerati news?

Then subscribe to the Considerati Newsletter! See our privacy statement.