On January 18, 2022, the International Digital Accountability Council (IDAC) held a webinar on the state of mobile health apps and data privacy in 2022. The webinar built off of our recent report, “Digital Health is Public Health: Consumers’ Privacy & Security in the Mobile Health App Ecosystem,” which analyzed more than 150 mobile health apps in the Google Play Store and how they treat consumer privacy.
Chaired by IDAC President Quentin Palfrey, the webinar featured three subject matter experts:
- Aneesh Chopra, President of CareJourney and former U.S. Chief Technology Officer under President Barack Obama.
- Alice Leiter, Vice President & Senior Council of the Executives for Health Innovation (EHI).
- Alexandra Reeve Givens, President & CEO of the Center for Democracy & Technology.
The panelists opened the webinar by discussing the report’s findings: through IDAC’s investigation into more than 150 Android health apps, we discovered that numerous apps may violate or contradict critical privacy policies, as well as transmit sensitive health information to countries like Russia and China. and what they mean in the larger health app ecosystem. The panelists then discussed broader trends in the mobile health app ecosystem, as well as specific solutions that should be taken to ensure the protection of consumer data privacy.
Each panelist offered a unique perspective on what solutions should look like. Chopra, for instance, emphasized how greatly the actions of one regulatory body can impact the mobile health app ecosystem.
“Imagine,” he said, “the app stores creating a separate health category that will fall under the rubric of connected health apps in which case entry into said app store would require a lot higher bar to be met in terms of privacy policy disclosure, adherence, and so forth.”
“I believe,” he continued, “even one regulatory body that kind of requires this may be enough to get the big EHR platforms and some of the app stores that are physician-facing…[to move] even if it’s only one state executing a policy that requires there to be a distinction.”
Reeve Givens emphasized the importance of passing data privacy reform at the federal level, protecting users regardless of the state they’re in.
“There are going to be some moments where users want to share their information,” she said. “How do we let them do that in a truly empowered, informed way that doesn’t rely on a 15-page terms of service, but allows them to understand, ‘okay, if I move over here, I can still have confidence that these baseline protections are going to apply?’”
Leiter stressed how critical it is to not only protect user privacy, but empower users so they may decide how their data is actually being used.
“As we help individuals feel ownership of their data and an active role in their health care and health management, we should add to that list,” she noted. “There is an active role that they can play in the protection of their data by virtue of who they’re choosing to give it to.”
While noting the crucial role that regulators have in protecting data privacy, Palfrey highlighted the important role that civil society should play in this process
“[Civil society watchdogs],” Palfrey said, “who are technically savvy, who are focused on the consumer interest, [can] be a little bit more proactive and a little bit more focused on risks and harms before they crystallize into a class-action lawsuit or an FTC investigation.”
Palfrey finished by stressing how, through understanding the perspectives of both regulators and publishers, civil society actors can think in a truly long-term manner to drive change.
Though each panelist offered their own thoughts on solutions and the future, they were unanimous in their concluding remarks: watchdogs like IDAC have an important role to play in protecting consumer data privacy as public and private actors pioneer a new digital world.
You can watch the full webinar here.