Fitness apps have revolutionised the way we approach health and exercise. They provide users with the ability to track their workouts, monitor their progress towards fitness goals and share achievements with a like-minded community. However, these benefits come with significant privacy and security risks, particularly regarding the disclosure of users’ locations.
Recent articles in the Guardian and French newspaper Le Monde reported that fitness apps, such as Strava, had revealed the locations of some world leaders, posing a potential security risk.
This case spotlights the gaps in legislative measures that fail to evolve at pace with technological developments. But it also underscores a critical need for users themselves to adopt a more vigilant approach when engaging with such platforms.
While legal frameworks lay the foundation for protecting user privacy, they are not foolproof against breaches. This necessitates a dual responsibility. Both regulatory bodies and users must collaborate to ensure robust data protection.
Fitness apps often require access to location data to provide accurate tracking of activities like running, cycling and walking. While this functionality is useful for users, it also opens up potential security vulnerabilities. This isn’t the first time that Strava has faced scrutiny for its handling of location data.
In 2018, the company’s Global Heatmap feature, which visualises the activities of its users, inadvertently revealed the locations of secretive military bases. This occurred because soldiers using the app were unknowingly sharing their running routes, which were then aggregated and displayed on the heatmap.
Such vulnerabilities are not isolated but rather endemic across similar applications that rely heavily on data aggregation and transmission processes. This incident highlighted the potential for fitness apps to compromise sensitive locations. A major risk is that users’ real-time locations and recurring routes are revealed, which could be exploited by those with bad intentions, such as cybercriminals.
So how can users protect themselves, and is the UK’s legal framework sufficiently robust to ensure that user rights are protected?
Well, in the UK, the primary legislation governing data protection is the Data Protection Act 2018 (DPA), which incorporates the General Data Protection Regulation. This legal framework sets out stringent requirements for how personal data, including location data, must be handled by organisations.
For example, Apple’s Location Services privacy policy sets out how location data will be used. Users have several rights with respect to their personal data under the DPA. These include the right to be informed, the right of access and the right of rectification, among others. However, these legislative measures have yet to evolve alongside rapid technological progress.
The DPA is not adequately equipped to specifically target the intricacies of data shared via fitness apps. Fitness apps are also regarded as low-risk artificial intelligence systems and are therefore only subject to basic product liability laws instead of the more stringent laws that govern medical devices.
Taking responsibility
However, the onus of responsibility cannot rest solely on regulatory frameworks. Users must cultivate a heightened awareness regarding the potential hazards of sharing personal information online.
For instance, Strava offers privacy zones that hide the start and end points of activities within a specified radius. In addition to this, users should learn about the potential risks of sharing location data and how to use privacy features effectively, including reviewing privacy policies.
Users can also choose to share the minimum amount of personal data necessary for the app to function. Promoting awareness of these features could help create a culture where heightened caution becomes second nature.
In the meantime, fitness app developers must ensure compliance with data protection laws, including implementing robust security measures to protect user data. Regular security audits and updates can also help identify and address vulnerabilities in fitness apps.
This dual approach – comprehensive legislative action coupled with informed user and developer behaviour – can mitigate risks associated with emerging technologies, ensuring that personal data remains secure even as users engage more deeply with these platforms.