Towards a contextual theory of Mobile Health Data Protection (MHDP): A realist perspective

The United Kingdom’s Data Protection Act 2018 introduces a new public interest test applicable to the research processing of personal health data. The need for interpretation and application of this new safeguard creates a further opportunity to craft a health data governance landscape deserving of public trust and confidence. At the minimum, to constitute a positive contribution, the new test must be capable of distinguishing between instances of health research that are in the public interest, from those that are not, in a meaningful, predictable and reproducible manner. In this article, we derive from the literature on theories of public interest a concept of public interest capable of supporting such a test. Its application can defend the position under data protection law that allows a legal route through to processing personal health data for research purposes that does not require individual consent. However, its adoption would also entail that the public interest test in the 2018 Act could only be met if all practicable steps are taken to maximise preservation of individual control over the use of personal health data for research purposes. This would require that consent is sought where practicable and objection respected in almost all circumstances. Importantly, we suggest that an advantage of relying upon this concept of the public interest, to ground the test introduced by the 2018 Act, is that it may work to promote the social legitimacy of data protection legislation and the research processing that it authorises without individual consent (and occasionally in the face of explicit objection).

Download Full-text

Regulatory Challenges of Data Mining Practices: The Case of the Never-ending Lifecycles of ‘Health Data’

European Journal of Health Law ◽

10.1163/15718093-12520368 ◽

2018 ◽

Vol 25 (3) ◽

pp. 284-307

Author(s):

Giovanni Comandè ◽

Giulia Schneider

Keyword(s):

Data Mining ◽

Data Protection ◽

Personal Data ◽

Health Data ◽

General Level ◽

General Data Protection Regulation ◽

The Face ◽

General Data ◽

Level Of Analysis

Abstract Health data are the most special of the ‘special categories’ of data under Art. 9 of the General Data Protection Regulation (GDPR). The same Art. 9 GDPR prohibits, with broad exceptions, the processing of ‘data concerning health’. Our thesis is that, through data mining technologies, health data have progressively undergone a process of distancing from the healthcare sphere as far as the generation, the processing and the uses are concerned. The case study aims thus to test the endurance of the ‘special category’ of health data in the face of data mining technologies and the never-ending lifecycles of health data they feed. At a more general level of analysis, the case of health data shows that data mining techniques challenge core data protection notions, such as the distinction between sensitive and non-sensitive personal data, requiring a shift in terms of systemic perspectives that the GDPR only partly addresses.

Download Full-text

Datos relativos a la salud y datos genéticos: consecuencias jurídicas de su conceptualización / Health data and Genetic data: the legal consequences of their conceptualization

Revista Derecho y Salud | Universidad Blas Pascal ◽

10.37767/2591-3476(2017)06 ◽

2018 ◽

pp. 55-66

Author(s):

Daniel Jove Villares

Keyword(s):

Data Protection ◽

Genetic Data ◽

Health Data ◽

General Data Protection Regulation ◽

Related Information ◽

Health Related ◽

General Data ◽

New Criteria ◽

Legal Consequences ◽

Scope Of Protection

Existen determinadas categorías de datos que, por sus características, requieren de un régimen más estricto, regulación que, en ocasiones está necesitada de concreción. El presente trabajo incide en la necesidad de repensar qué datos genéticos y qué informaciones relacionadas con la salud deben considerarse como sensibles, amén de proponer nuevos criterios para su delimitación. La clarificación de la esfera de protección de estas tipologías de datos se hace perentoria en aquellos ordenamientos en que se establezcan limitaciones adicionales para las categorías de datos que protagonizan este artículo. Situación que el Reglamento General de Protección de Datos de la Unión Europea habilita. There are certain categories of data which, due to their characteristics, require a stricter regime, regulation which, at times, needs to be specified. This paper focuses on the need to rethink which genetic data and health-related information should be considered as sensitive and to propose new criteria for their delimitation. The clarification of the scope of protection of these types of data is urgently needed in those legal systems in which additional limitations are established for the categories of data covered by this article. Situation that the European Union's General Data Protection Regulation enables.

Download Full-text

All Our Data Will Be Health Data One Day: The Need for Universal Data Protection and Comprehensive Consent

Journal of Medical Internet Research ◽

10.2196/16879 ◽

2020 ◽

Vol 22 (5) ◽

pp. e16879 ◽

Cited By ~ 1

Author(s):

Christophe Olivier Schneble ◽

Bernice Simone Elger ◽

David Martin Shaw

Keyword(s):

Health Status ◽

Data Protection ◽

Health Data ◽

Future Health ◽

Related Data ◽

Legal Implications ◽

Health Related ◽

Behavior Health

Tremendous growth in the types of data that are collected and their interlinkage are enabling more predictions of individuals’ behavior, health status, and diseases. Legislation in many countries treats health-related data as a special sensitive kind of data. Today’s massive linkage of data, however, could transform “nonhealth” data into sensitive health data. In this paper, we argue that the notion of health data should be broadened and should also take into account past and future health data and indirect, inferred, and invisible health data. We also lay out the ethical and legal implications of our model.

Download Full-text

Privacy-Preserving Federated Depression Detection from Multi-Source Mobile Health Data

IEEE Transactions on Industrial Informatics ◽

10.1109/tii.2021.3113708 ◽

2021 ◽

pp. 1-1

Author(s):

Xiaohang Xu ◽

Hao Peng ◽

Md Zakirul Alam Bhuiyan ◽

Zhifeng Hao ◽

Lianzhong Liu ◽

...

Keyword(s):

Mobile Health ◽

Privacy Preserving ◽

Health Data ◽

Depression Detection

Download Full-text

Personalized Policy Learning Using Longitudinal Mobile Health Data

Journal of the American Statistical Association ◽

10.1080/01621459.2020.1785476 ◽

2020 ◽

pp. 1-11 ◽

Cited By ~ 1

Author(s):

Xinyu Hu ◽

Min Qian ◽

Bin Cheng ◽

Ying Kuen Cheung

Keyword(s):

Mobile Health ◽

Health Data ◽

Policy Learning

Download Full-text

Data protection and ethics requirements for multisite research with health data: a comparative examination of legislative governance frameworks and the role of data protection technologies†

Journal of Law and the Biosciences ◽

10.1093/jlb/lsaa010 ◽

2020 ◽

Vol 7 (1) ◽

Author(s):

James Scheibner ◽

Marcello Ienca ◽

Sotiria Kechagia ◽

Juan Ramon Troncoso-Pastoriza ◽

Jean Louis Raisaro ◽

...

Keyword(s):

Research Ethics ◽

Data Protection ◽

Data Transfer ◽

Homomorphic Encryption ◽

Personalised Medicine ◽

The United States ◽

Health Data ◽

The European Union ◽

Data Accessibility ◽

General Data Protection Regulation

Abstract Personalised medicine can improve both public and individual health by providing targeted preventative and therapeutic healthcare. However, patient health data must be shared between institutions and across jurisdictions for the benefits of personalised medicine to be realised. Whilst data protection, privacy, and research ethics laws protect patient confidentiality and safety they also may impede multisite research, particularly across jurisdictions. Accordingly, we compare the concept of data accessibility in data protection and research ethics laws across seven jurisdictions. These jurisdictions include Switzerland, Italy, Spain, the United Kingdom (which have implemented the General Data Protection Regulation), the United States, Canada, and Australia. Our paper identifies the requirements for consent, the standards for anonymisation or pseudonymisation, and adequacy of protection between jurisdictions as barriers for sharing. We also identify differences between the European Union and other jurisdictions as a significant barrier for data accessibility in cross jurisdictional multisite research. Our paper concludes by considering solutions to overcome these legislative differences. These solutions include data transfer agreements and organisational collaborations designed to `front load' the process of ethics approval, so that subsequent research protocols are standardised. We also allude to technical solutions, such as distributed computing, secure multiparty computation and homomorphic encryption.

Download Full-text

Processing employees’ personal data during the Covid-19 pandemic

European Labour Law Journal ◽

10.1177/2031952520978994 ◽

2020 ◽

pp. 203195252097899

Author(s):

Seili Suder

Keyword(s):

Data Protection ◽

Health And Safety ◽

Personal Data ◽

Health Data ◽

Body Temperatures ◽

National Data ◽

Pragmatic Approach ◽

General Data Protection Regulation ◽

Nation States ◽

General Data

While needing to ensure the health and safety of their employees during the Covid-19 pandemic, employers face many burning data protection questions, including under what conditions they can process employees’ personal data (in particular health data) and whether gathering personal data concerning employees’ medical history, trips and contacts with infected persons, is allowed. This article focuses on issues that are problematic, based on the analysis of guidance issued by the European Data Protection Board, as well as national data protection authorities and practitioners from 20 countries in response to these concerns. The first section of the article analyses concepts of personal data and health data in the context of Covid-19. Then the article proceeds with exploring what possible legal bases employers can use to process employees’ personal data in general, and health data in particular, under the General Data Protection Regulation when applying different measures to combat Covid-19. In the latter part of the article two practical questions raised by employers – concerning the checking of employees’ body temperatures and informing them of possible infection – are discussed. The analysis indicates that national data protection authorities seem to look for a reasonable and pragmatic approach regarding compliance with the GDPR in light of the Covid-19 emergency. However, their guidance differs in several areas and the views in between nation states are not always aligned. A more specific, clear and uniform pan-European vision concerning the processing of employees’ data in times of emergency is needed to better protect employees and limit the spread of the virus.

Download Full-text