GDPR – does your health app protect your personal data?


Late last month a European study found that 80% of the health apps tested did not follow well-known practices and guidelines, or even the legal restrictions imposed by contemporary data protection regulations, thus jeopardizing the privacy of millions of users.

Health apps encourage us to enter personal data ranging from weight targets and exercise routes to x-rays.

This isn’t about buying a free app with your personal data. It is much worse. This is a simple lack of concern, understanding or attention to the privacy of ‘customers’. Let us count the ways:

  • Only 20% of the apps stored personal data on the users’ phones, which affords the most protection. The remaining 80% shared the data with third parties (reading between the lines this means server farms, not companies set up to exploit the data)
  • And only half of the apps that uploaded data to the internet did so securely, i.e. using HTTPS – though all that means is that the recipient has bought a readily available SSL certificate
  • More than half the apps use a URL link to send data, making it potentially available to anyone who works out the URL
  • 20% of the apps directed users to a privacy policy in a different language to the app (in this case English) or to no policy at all
  • Many of the apps demand access to functionality – such as Bluetooth, contacts and camera – they don’t need

You might argue that you get what you pay for and a free app can’t be expected to invest in privacy. But these are legal requirements and easy to get right.

Most surprisingly the apps tested weren’t the strange unloved apps at the bottom of the list. All had at least 100,000 downloads (some 10 million). And they were all rated 3.5/5 or higher.

If you are using a health app, now is the time to find out whether it protects your personal data. If you process personal data, ask yourself if you adhere to the existing, let alone new, regulations.


Roman Romashov
