The CNIL voices concerns on connected health

note1The French data protection authority (CNIL) published its annual report for the year 2013. For 2014, the Commission will focus on the “construction of well-being” and assess the impact of new health-related digital trends on privacy.

Ranging from connected bracelets and watches to connected scales, connected health has recently invaded the stalls of specialized stores. These items make it possible to gather a vast amount of data on their users. For instance, it is easy to collect data pertaining to the heart rate, the number of steps made per day, sleep quality and blood pressure. And this, according to the CNIL’s report, is only the beginning. It is expected that by 2017, half of the population of smartphone users will have at least one well-being or health related application installed.  Apple Inc., to mention but one example, is expected to launch the so-called Healthbook application later this year, which will be installed as a default application on all its handsets.

This digital well-being phenomenon, also called “quantified self”, is interesting in several respects. It should be noted that the data are generated by the users. Nevertheless, even though these data are of a private nature, users very often share them.

Yet the CNIL is concerned by the fine line between well-being and health. Indeed, health data are treated as sensitive and are more strictly regulated. Section 8 of the Data Protection Act (loi Informatique et Libertés) of July 6, 1978 provides that the collection and processing of such data are prohibited as a matter of principle. However, the many exceptions linked to this rule have allowed the aforementioned trend to emerge.

Furthermore, the Commission is concerned about the security of such data and its use by the companies which collect them. The report states that users feel that they are directly connected to these data “for they come from them”, although companies could sell them or use them for purposes unknown to the users.

Finally, the report points to the fact that so-called “quantified self” practices could become the norm. Some American insurers reportedly treat clients who do not self-measure their medical data as suspicious and refuse to compensate them in the event of damage. According to the CNIL, the challenges of connected health are only just beginning and risks abound. However, with the support of the G29 and European Commissioner Viviane Reding, the Commission will undoubtedly be committed to protecting those very private data.

Dreyfus can assist you in better protecting your data and in managing your online presence. Please contact us for further details.