In a world of fitness apps it is important to know what is health data and how it shall be processed

On February 5, 2015, Article 29 Working Party (“WP29″) clarified the scope of the definition of data concerning health in relation to lifestyle and wellbeing apps.

The Data Protection Directive (95/46/EC) establishes that health data are a special category of data, to which a higher level of data protection applies. According to the letter, the processing of health data should only be permitted after having obtained the explicit consent of the data subjects.

In the Annex to the letter, WP29 provides criteria to determine when data processed by lifestyle and wellbeing apps are health data. Acknowledging the difficulties to define these data and the many grey areas, WP29 tries to summarize a definition by stating that “personal data are health data when:

1. The data are inherently/clearly medical data

2. The data are raw sensor data that can be used in itself or in combination with other data to draw a conclusion about the actual health status or health risk of a person

3. Conclusions are drawn about a person’s health status or health risk (irrespective of whether these conclusions are accurate or inaccurate, legitimate or illegitimate, or otherwise adequate or inadequate)”.

The Annex clarifies that a key provision to the treatment of health data is the principle of transparency, inseparably connected to the legal ground of consent.

Purpose limitation is another key provision that deserves careful consideration. When the processing involves health data, further processing for different purposes (outside the professional health care domain) is strictly limited.

WP29 also highlights the duty to apply proper anonymisation techniques and other security measures, including privacy by design and data minimization.

Finally, in view of the proposed Data Protection Regulation, WP29 provides some additional reflections about the processing of health data, for historical, statistical and scientific research purposes.

WP29 letter dated February 5, 2015 is available at http://ec.europa.eu…

Open PDF

The Annex to the letter is available at http://ec.europa.eu…

Open PDF 

Follow us on& Like us on