Ethical Ambiguities in the Privacy Policies of Mobile Health and Fitness Applications

Ethical Ambiguities in the Privacy Policies of Mobile Health and Fitness Applications

Devjani Sen (University of Ottawa, Canada) and Rukhsana Ahmed (University of Ottawa, Canada)
Copyright: © 2018 |Pages: 11
DOI: 10.4018/978-1-5225-2255-3.ch528
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Personal Applications (apps) collect all sorts of personal information like name, email address, age, height, weight and in some cases detailed health information. When using such apps, many users trustfully log everything from diet to sleep patterns. Studies suggest that many applications do not have a privacy policy, or users do not have access to an app's permissions before s/he downloads it to the mobile device. This raises questions regarding the ethics around sharing personal data gathered from health and fitness apps to third parties. Despite the important role of informed consent in the creation of health and fitness mobile applications, the intersection of ethics and sharing of personal information is understudied and is an often-ignored topic during the creation of mobile applications. After reviewing the online privacy policies of four mobile health and fitness apps, this chapter concludes with a set of recommendations when designing privacy policies to share personal information collected from health and fitness apps.
Chapter Preview
Top

Introduction

Mobile leisure, health, and wellness applications (apps) are ubiquitous. A recent study reveals that there are approximately 97,000 varieties of inexpensive and easy to use mobile health apps available in the market; at such a pace numbers are becoming outdated almost as soon as they are published (Privacy Clearinghouse, 2013). It is predicted that by 2017 half of the world’s more than 3.4 billion smart phone users will have downloaded health and fitness apps (Comstock, 2013), which raises the question: what happens to the sensitive data consumers enter into these apps?

Indeed, a hot topic in both Canada and the U.S., concerns exactly what third parties, such as insurance companies, can legally do with personal data. American law dictates that health insurance companies cannot discriminate based on a history of illness. However, while data held by a health plan, health care provider, or lab may be protected by the federal Health Insurance Portability and Accountability Act (HIPAA), legal scholars warn that if a patient is going to upload health or wellness data to a mobile application (app), it may not be covered by those laws (Rogers, 2014; Whitman & Mattord, 2012). Such legal ambiguities have implications for Canadian users of health and wellness apps, because many of these devices are based in the U.S., with the data being stored on U.S. servers and thus they may not conform to privacy requirements (Akkad, 2013).

There are some other important concerns with privacy and security issues related to mobile health and fitness applications. For example, personal apps collect all sorts of personal information like name, email address, age, height, weight, and in some cases detailed health information. When using such apps, many users may trustfully log everything from diet to sleep patterns in the apps. By sharing such personal information end- users may make themselves targets to misuse of this information by unknown third parties. Moreover, according to Gralla et al. (2011), apps can gather the phone number and the unique ID number of each type of phone: the Unique Device Identifier (UDID) on an iPhone, the International Mobile Equipment Identity (IMEI) number on a BlackBerry, and (depending on the make) the IMEI or the Mobile Equipment Identifier (MEID) on an Android phone. In this way, personal information that apps gather about an end-user can be matched to these IDs, which means that ad networks can easily combine various pieces of information collected by multiple apps to build a sophisticated profile about a given end-user and thereby posing a major privacy risk to personal data. Therefore, uninformed decision making by end-users raises important concerns regarding the ethics around sharing personal data gathered from health and fitness apps to third parties. These concerns can be much graver when Martínez-Pérez and colleagues (2014), in a review of privacy and security in mobile health apps, found evidence of insecure handling of clinical and medical data.

To summarize, the issues raised above may be broken down to the following concerns:

  • 1.

    Ownership and veracity of sensitive data shared on personal apps;

  • 2.

    What end users really understand about the use of their data (what data is collected and the specifics of how it may be used);

  • 3.

    The ethics of sharing end-users' personal information and sharing it with third-parties.

Key Terms in this Chapter

Mobile Health and Fitness Applications: Application programs that offer health-related services on portable devices such as smartphones and tablet computers.

Online Privacy Policy: A document, typically required by law, which regulates the relationship between the user and the website with the purpose of limiting companies' legal liability during site use.

Information Security: The process of protecting the availability, integrity and privacy of information.

Personal Identifiers Information (PIIs): Comprises information, that when considered alone, or in combination with data from other sources, may contribute to distinguish (identify) an individual.

Mobile Applications: A term used to describe Internet applications that run on portable devices such as smartphones and other mobile devices to make it easier for users to access the Internet.

Ethics: The critical examination of the advantages and disadvantages when deciding upon the correct conduct involving a moral issue.

Privacy: An individual's right to control how and to what extent information about him or her may be shared and acted upon by others.

Complete Chapter List

Search this Book:
Reset