By Sara Gerke and Chloe Reichel
Who owns the data that are collected via direct-to-consumer (DTC) health apps? Who should own that data?
We asked our respondents to answer these questions in the third installment of our In Focus Series on Direct-to-Consumer Health Apps. Learn about the respondents and their views on data privacy concerns in the first installment of this series, and read their thoughts on consumer access to DTC health app data in the second installment.
Patients and users should ultimately own their data unless specifically outlined in data use agreements within health apps.
I think that this is a tricky question and not so easy to answer. Intuitively, one would say that the individual owns and should own the data that are collected via DTC health apps. Interestingly, the law tries to avoid using the term “ownership.” For example, the EU General Data Protection Regulation talks about rights of the data subject. When it comes to data collection to promote, for example, the development of Artificial Intelligence/Machine Learning-based products in medicine, there is also the question of whether there is a moral duty to share this data.
Trick question! Of course, the answer depends on the data use agreement that all users agree to before launching the app. In many cases, companies will try to retain data indefinitely, with the ability to sell data, reuse data liberally, and to do so even beyond the time during which a consumer uses a DTC health app. That’s quite different from the answer to who should own the data. I believe a patient should own his/her own data – and at a minimum, they should opt into any uses of the data whereby privacy or security may be compromised or in which third parties (beyond app developers) have access to the data. Of course, tools like “broad consent” agreements for research purposes could be built into app registration, so that patients can be confident that their data is shared, for example, only with researchers.
Many years ago, when health care informatics was just beginning, a reporter at the HIMSS show asked me, “who owns the data?” My answer then was, “patients own their data.” And, in some countries in the world, by law, patients do own their data. I hold the same view all these years later. Patients and consumers should own their health data, and this needs to be protected by law.