Hand holding smartphone with colorful app icons concept.

Who Owns the Data Collected by Direct-to-Consumer Health Apps?

Sara Gerke Digital Health, Direct-to-Consumer Health Apps: Ethical, Legal, and Regulatory Concerns, Health Information Technology, In Focus Series, Informed Consent, Medical devices, Medical Privacy, Mobile Health, Privacy, Sara Gerke

By Sara Gerke and Chloe Reichel

Who owns the data that are collected via direct-to-consumer (DTC) health apps? Who should own that data?

We asked our respondents to answer these questions in the third installment of our In Focus Series on Direct-to-Consumer Health Apps. Learn about the respondents and their views on data privacy concerns in the first installment of this series, and read their thoughts on consumer access to DTC health app data in the second installment.

Peter Chai:

Patients and users should ultimately own their data unless specifically outlined in data use agreements within health apps.

Sara Gerke:

I think that this is a tricky question and not so easy to answer. Intuitively, one would say that the individual owns and should own the data that are collected via DTC health apps. Interestingly, the law tries to avoid using the term “ownership.” For example, the EU General Data Protection Regulation talks about rights of the data subject. When it comes to data collection to promote, for example, the development of Artificial Intelligence/Machine Learning-based products in medicine, there is also the question of whether there is a moral duty to share this data.

Ariel Stern:

Trick question! Of course, the answer depends on the data use agreement that all users agree to before launching the app. In many cases, companies will try to retain data indefinitely, with the ability to sell data, reuse data liberally, and to do so even beyond the time during which a consumer uses a DTC health app. That’s quite different from the answer to who should own the data. I believe a patient should own his/her own data – and at a minimum, they should opt into any uses of the data whereby privacy or security may be compromised or in which third parties (beyond app developers) have access to the data. Of course, tools like “broad consent” agreements for research purposes could be built into app registration, so that patients can be confident that their data is shared, for example, only with researchers.

Deborah DiSanzo:

Many years ago, when health care informatics was just beginning, a reporter at the HIMSS show asked me, “who owns the data?” My answer then was, “patients own their data.” And, in some countries in the world, by law, patients do own their data. I hold the same view all these years later. Patients and consumers should own their health data, and this needs to be protected by law.

Sara Gerke

Sara Gerke joined the Petrie-Flom Center's Project on Precision Medicine, Artificial Intelligence, and the Law (PMAIL) in August 2018. As Research Fellow, Medicine, Artificial Intelligence, and Law, Sara oversees the day-to-day work of the Center’s component of this collaborative project, including conducting law, policy, and ethics research; drafting reports and recommendations; and coordinating the Center's efforts with collaborators at the Center for Advanced Studies in Biomedical Innovation Law (CeBIL) at the University of Copenhagen as well as other partners.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.