Skip main navigation

Apps and wearables

It is very common to measure your own health via modern technologies, such as apps and wearables. Does the GDPR allow this kind of processing?
Anna surrounded by apps
© University of Groningen
Last week you learned that medical data is part of health data and that this is a special categories of data according to Article 9 GDPR. Besides this legal protection of health data, we saw that doctors and healthcare professional are also bound by their oath and their contract to make sure your medical data cannot be shared with just anyone.
Where medical data is limited to data in the doctor – patient relationship, health data can also exist outside of the medical context. In that situation it is still considered sensitive data and this kind of data cannot be processed, unless one of the exceptions mentioned in paragraph 2 and 3 of Article 9 GDPR are met, such as if Anna gives her explicit consent. So if Anna wants to keep track of her health during her pregnancy and uses an app to do so, the app is processing her personal health data. Processing of personal health data could also take place via, for example a wearable such as a Fitbit, social media or online trackers. And since the processing of sensitive data is generally prohibited, it is important to determine what health data exactly entails.

What is health data?

You already saw in Week 1 that the definition the GDPR gives to data concerning health can be found in Article 4. It is defined as personal data related to the physical or mental health of persons, including the provision of healthcare, which reveal information about a persons’ health. If you read this definition carefully, you will probably realise that this is a very broad definition. As soon as personal data reveals information about a persons’ health, it is considered as health data.
The preamble to the GDPR gives some practical examples of what is covered by the definition of health data. It includes for example information on a disease, a disability and even a disease risk. So, for example, information about a person’s obesity, high or low blood pressure, genetic predisposition, but also information on tobacco consumption are part of health data. All these examples are linked to a disease risk of a person. If, for example, Anna smokes, this could increase her risks of getting lung cancer. Having high blood pressure, could endanger her pregnancy. And her genetic predisposition could reveal risks on future diseases she is not even aware of yet.
Furthermore, the preamble adds that it does not matter what the source of the information on a disease, a disability and a disease risk is. This is of importance, since it means that the source of the information is not limited to medical devices. As a consequence, information processed by a commercial app or wearable could also be part of this category of sensitive data.
This does not mean that this type of data cannot be processed, although paragraph 1 of Article 9 GDPR does prohibit it. One of the main exceptions used by commercial health apps, is the first exception of paragraph 2. If the data subject gives explicit consent for the processing of health data, paragraph 1 does not apply. So, if Anna wants to use a health app and she consents to the app processing her personal data, she lifts the prohibition of paragraph 1. Which means that in the end, it is up to you to decide whether you want your personal health data to be processed in a commercial setting.
Do you think it’s a good thing that data subjects such as yourself are given this option? How do you feel about the prospect of having your data processed in a commercial setting? Could it be harmful? Might there be benefits? You can discuss this with other learners on the discussion board.
© University of Groningen
This article is from the free online

Protecting Health Data in the Modern Age: Getting to Grips with the GDPR

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education