Apps and wearables

What is health data?
You already saw in Week 1 that the definition the GDPR gives to data concerning health can be found in Article 4. It is defined as personal data related to the physical or mental health of persons, including the provision of healthcare, which reveal information about a persons’ health. If you read this definition carefully, you will probably realise that this is a very broad definition. As soon as personal data reveals information about a persons’ health, it is considered as health data.The preamble to the GDPR gives some practical examples of what is covered by the definition of health data. It includes for example information on a disease, a disability and even a disease risk. So, for example, information about a person’s obesity, high or low blood pressure, genetic predisposition, but also information on tobacco consumption are part of health data. All these examples are linked to a disease risk of a person. If, for example, Anna smokes, this could increase her risks of getting lung cancer. Having high blood pressure, could endanger her pregnancy. And her genetic predisposition could reveal risks on future diseases she is not even aware of yet.Furthermore, the preamble adds that it does not matter what the source of the information on a disease, a disability and a disease risk is. This is of importance, since it means that the source of the information is not limited to medical devices. As a consequence, information processed by a commercial app or wearable could also be part of this category of sensitive data.This does not mean that this type of data cannot be processed, although paragraph 1 of Article 9 GDPR does prohibit it. One of the main exceptions used by commercial health apps, is the first exception of paragraph 2. If the data subject gives explicit consent for the processing of health data, paragraph 1 does not apply. So, if Anna wants to use a health app and she consents to the app processing her personal data, she lifts the prohibition of paragraph 1. Which means that in the end, it is up to you to decide whether you want your personal health data to be processed in a commercial setting.Do you think it’s a good thing that data subjects such as yourself are given this option? How do you feel about the prospect of having your data processed in a commercial setting? Could it be harmful? Might there be benefits? You can discuss this with other learners on the discussion board.Protecting Health Data in the Modern Age: Getting to Grips with the GDPR

Our purpose is to transform access to education.
We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.
We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.
Learn more about how FutureLearn is transforming access to education