Eliciting Design Guidelines for Privacy Notifications in mHealth Environments

2019 ◽  
Vol 11 (4) ◽  
pp. 66-83 ◽  
Author(s):  
Patrick Murmann

The possibilities of employing mobile health (mhealth) devices for the purpose of self-quantification and fitness tracking are increasing; yet few users of online mhealth services possess proven knowledge of how their personal data are processed once the data have been disclosed. Ex post transparency-enhancing tools (TETs) can provide such insight and guide users in making informed decisions with respect to intervening with the processing of their personal data. At present, however, there are no suitable guidelines that aid designers of TETs in implementing privacy notifications that reflect their recipients' needs in terms of what they want to be notified about and the level of guidance required to audit their data effectively. Based on an analysis of gaps related to TETs, the findings of a study on privacy notification preferences, and the findings on notifications and privacy notices discussed in the literature, this paper proposes a set of guidelines for the human-centred design of privacy notifications that facilitate ex post transparency.


Recent research focuses on the concept of well-being, aiming to systematize it and obtain design guidelines. In recent years, various building certification systems have arisen, which, although used for ex post evaluations, contain, specularly, design guidelines. In a first phase the concept of well-being was intended on a global scale, linked to the pitfalls of pollution and consumption of resources, so design guidelines and control systems developed within the construction industry to ensure the conservation of the environment and therefore the “well-being” and “health” of human communities. Having therefore developed certification systems measuring and evaluating the performance of buildings in relation to their impact on the environment and its resources, we are now faced with a shift of attention on a smaller scale, linked to the performance that buildings offer not so much with respect to the environment as to the people who live in them. This chapter explores the concepts behind such systems and the relationship between building certification systems and people's well-being.


2014 ◽  
Vol 22 (e1) ◽  
pp. e28-e33 ◽  
Author(s):  
Ali Sunyaev ◽  
Tobias Dehling ◽  
Patrick L Taylor ◽  
Kenneth D Mandl

Mobile health (mHealth) customers shopping for applications (apps) should be aware of app privacy practices so they can make informed decisions about purchase and use. We sought to assess the availability, scope, and transparency of mHealth app privacy policies on iOS and Android. Over 35 000 mHealth apps are available for iOS and Android. Of the 600 most commonly used apps, only 183 (30.5%) had privacy policies. Average policy length was 1755 (SD 1301) words with a reading grade level of 16 (SD 2.9). Two thirds (66.1%) of privacy policies did not specifically address the app itself. Our findings show that currently mHealth developers often fail to provide app privacy policies. The privacy policies that are available do not make information privacy practices transparent to users, require college-level literacy, and are often not focused on the app itself. Further research is warranted to address why privacy policies are often absent, opaque, or irrelevant, and to find a remedy.


Author(s):  
Jef Ausloos

This chapter takes a step back and looks at fair balancing acts induced by invoking the right to erasure. It starts with comparing balancing of fundamental rights and freedoms in the Charter with balancing in the GDPR. Indeed, it re-emphasizes how the GDPR as a whole, essentially constitutes a framework for fair balancing of rights, freedoms, and interests in the context of personal data processing. The chapter then lays out the actual blueprint for such fair balancing in the GDPR. It becomes clear how fair balancing in the GDPR is an iterative process, with ex ante and ex post balancing acts. The former need to be performed before processing initiates, and the latter refer to subsequent balances as triggered by data subject rights for example. Overall, the very nature of fair balancing does not allow for clear-cut, categorical answers to conflicts of rights, freedoms, and/or interests. Instead the GDPR should be looked at as defining the basic infrastructure for ensuring fair balancing, further to be refined by relevant stakeholders. This can notably happen through standards or certification mechanisms, guidance by authorities, and by controllers themselves.


Author(s):  
Ammar Younas ◽  

The increasing ‘datafication of society’ [1] and ubiquitous computing resulted in high privacy risks such as commercial exploitation of personal data, discrimination, identity theft and profiling (automated processing of personal data). [2] Especially, minor data subjects are more likely to be victims of unfair commercial practices due to their behavioral characteristics (emotional volatility and impulsiveness) and unawareness of consequences of their virtual activities. [3] Accordingly, it has been claimed that thousands of mobile apps utilized by children collected their data and used it for tracking their location, processed it for the development of child profiles so as to tailor behavioral advertising targeted at them and shared it with third parties without children’s or parent’s knowledge. [4] Following these concerns, recently adopted EU General Data Protection Regulation (679/2016) departed from its Data Protection Directive (DPD) in terms of children’s data protection by explicitly recognizing that minors need more protection than adults [5] and providing specific provisions aimed at protecting children’s right to data protection. [6] Unlike the GDPR, the DPD was designed to provide “equal” protection for all data subjects irrespective of their age. [7] This paper argues that consent principle along with the requirement of parental consent cannot effectively be implemented for the protection of children’s data due to the lack of actual choice, verification issues and complexity of data processing, and also the outcome of the privacy notices in a child-appropriate form is limited. However, there are other mechanisms and restrictions embodied in the GDPR, which provide opportunities for the protection of children’s data by placing burden on data controllers rather than data subjects.


2021 ◽  
Author(s):  
Zethapong Nimmanterdwong ◽  
Suchaya Boonviriya ◽  
Pisit Tangkijvanich

BACKGROUND The world is ageing. The number of older patients rises, and along with it comes the burden of non-communicable diseases both clinical and economic. Attempts with mobile health (mHealth) have been made to remedy the situation with promising outcomes. Researchers have adopted human-centred design (HCD) in mHealth creation to ensure those promises become reality. OBJECTIVE The aim of this systematic review is to explore existing literature to address how human-centred design should be used to create highly usable mHealth applications. METHODS A systematic review was conducted to seek studies of mHealth interventions aimed at older adults with their HCD process explained from the following databases: IEEE Xplore, MEDLINE via Ovid, PubMed, and Scopus. Two independent reviewers then assessed their eligibility: they must be written in English, include participants older than 60 years old, and report about mHealth applications and their HCD development from start to finish. The 2 reviewers continued to assess the included studies’ qualities using the Mixed Methods Appraisal Tools (MMAT). A narrative synthesis was then carried out and completed. RESULTS Eight studies passed the eligibility criteria: 5 were mixed methods studies, and 3 were case studies. Some studies were about the same mHealth projects with the total of 5 mHealth applications. The included studies differed in HCD goals, target groups, and details of their HCD methodologies. The HCD process was thematically explored in 4 steps through narrative synthesis according to International Standardisation Organisation (ISO) 9241-210: (1) understand and specify the context of use, (2) specify the user requirements, (3) produce design solutions to meet these requirements, and (4) evaluate the designs against requirements. CONCLUSIONS Challenges and recommendations are summarised logically with structural order and time order based on Minto’s pyramid principle and ISO 9241-210. 
Findings show that existing literature in the subfield of HCD and mHealth for older adults is still limited. The quality of most included studies is also deemed inadequate as appraised by MMAT. The details of the sampling method are lacking. Also, objective and quantifiable goals of the system are not set, leading to failure in drawing a significant conclusion. More studies of HCD application on mHealth with measurable design goals and rigorous research strategy are warranted.


Author(s):  
Devjani Sen ◽  
Rukhsana Ahmed

Personal applications (apps) collect all sorts of personal information like name, email address, age, height, weight, and in some cases, detailed health information. When using such apps, many users trustfully log everything from diet to sleep patterns. Studies suggest that many applications do not have a privacy policy, or users do not have access to an app's permissions before s/he downloads it to the mobile device. This raises questions regarding the ethics around sharing personal data gathered from health and fitness apps to third parties. Despite the important role of informed consent in the creation of health and fitness mobile applications, the intersection of ethics and sharing of personal information is understudied and is an often-ignored topic during the creation of mobile applications. After reviewing the online privacy policies of four mobile health and fitness apps, this chapter concludes with a set of recommendations when designing privacy policies to share personal information collected from health and fitness apps.



Author(s):  
Jef Ausloos

Chapter 2 lays the groundwork for the rest of the book, clearly delineating the fundamental right to data protection, its relation to the GDPR, and the right to erasure in it. The historical overview demonstrates that the emergence of data protection is inherently tied to technological developments and how these may amplify power asymmetries. It is also made clear that informational self-determination or control over personal data lies at the heart of the fundamental right to data protection as proclaimed in Article 8 Charter. This is a clear difference with the GDPR that has a much wider prerogative, ie protecting all fundamental rights and freedoms whenever personal data is being processed. Put differently, whereas Article 8 Charter safeguards a minimum level of control over one’s personal data, the GDPR installs a fair balancing framework that safeguards any and all fundamental rights and freedoms as they are affected by the processing of personal data. The substantive provisions of the GDPR can be divided into four categories along the lines of ex ante v ex post and protective v empowerment measures (see data protection matrix). This chapter ends with positioning the right to erasure within the GDPR’s arsenal of ex post empowerment measures, describing its legislative history as well as its main benefits and drawbacks.