Medical Apps: More Transparency Is Needed on Data Use
Half of the apps do not provide information to users before download or request excessive data
More transparency is needed in Italy on how medical apps use the data of the people who download them.
The findings of the survey started in May by the Italian DPA to check medical apps' compliance with Italian legislation show that users are not adequately protected in our country either; moreover, users are too often unable to give their informed, free consent. The medical apps sector has been growing at an increasingly fast pace and has several highly sensitive implications for individuals' privacy. The initiative by the Italian DPA is part of the "Privacy Sweep 2014", promoted by the Global Privacy Enforcement Network (GPEN), an international network tasked with enhancing cooperation among DPAs worldwide, including the Italian DPA. The decision to focus on medical or wellness apps is in line with the concerns that were voiced recently at European level in this regard. The European Commission launched a public consultation on mobile health a few months ago and published a Green Paper on mobile health.
Half of the medical apps surveyed by the Italian DPA's "sweepers", drawn from a sample that included the apps with the highest number of downloads on the various platforms (Android, iOS, Windows, etc.), do not provide information on data use prior to installation, or else provide very general information or request excessive data compared to their features. In many cases the privacy notice is not tailored to the small screen size and is thus hard to decipher; in yet other cases the privacy notice is found, for instance, in the technical credits area of the given device.
Based on the findings of the survey, the DPA is now considering further steps, including the possibility of issuing measures or sanctions.
At the international level, the privacy sweep initiative highlighted the existing concerns about apps, which offer a wide range of features, from games to weather forecasting and from news to banking services. The sweep shows that little care is taken to protect users' data, whereas these apps, which collect huge amounts of personal information, need to be more transparent about how that information is used.
Out of a total of 1,200 apps surveyed, barely 15% provide really meaningful privacy notices. In 59% of the cases the DPAs found it hard to locate pre-installation privacy notices.
Rome, 10 September 2014