On the occasion of its annual report, the CNIL warns against the lack of protection of personal data of health applications for smartphones, and the vogue of the “quantified self”.
The National Commission for Informatics and Freedoms (Cnil) is worried about the “quantified self”, which generates a large amount of unprotected personal data, due to the many health applications for smartphones.
Nearly 100,000 mobile health applications
There are many health apps that can be downloaded to smartphones. They make it possible in particular to count the number of daily steps, the calories burned, the kilometers traveled or even the hours of sleep. It is all this personal data stored on smartphones that the CNIL wishes to protect, according to its annual report.
According to the Research3guidance institute, there are nearly 100,000 mobile health applications. More and more smartphones are equipped with it. The individual therefore keeps a lot of personal data, without any protection, leaving “an imprint of the body” on “a fuzzy border of well-being and health” in the medical sense. Because if the collection and use of health data by professionals (doctors, laboratories, security, data hosts) are subject to a strict framework, this is not the case for those relating to the “quantified self”. the CNIL. These practices “touch on privacy and yet are most often intended to be shared”, underlines the institution.
Guarantee user privacy
The number of users of these apps is 3.4 billion users and could reach $ 26 billion in 2017, according to Research3guidance. And the CNIL wonders: “How to support the development of this market, while preserving the privacy of users? “, Concerning practices which” are based on increasingly automated data capture methods and induce the circulation of large masses of personal data, which affect privacy and yet most often intended to be shared “, in its annual report.
The commission therefore launched a “worksite” on these questions in 2013, emphasizing several areas, in particular the status to be given to these data, which are “likely to reveal intimate life …”.
She is worried about the centralization and security of this data. Can they be sold, reused ?, thus emphasizing that users have the impression of “establishing a direct relationship with their data”, forgetting the commercial enterprise behind the application that processes them. She is therefore concerned about the lack of protection accompanying these practices, but also about the impact they could have. “Could the quantified self impose itself on everyone as certain practices of American insurers seem to predict?” Could he become suspicious of not self-drilling? She asks herself.
The commission declared that it hoped to deliver in 2014 “its first conclusions on the regulatory modalities envisaged to support the development of this market while preserving the privacy of users. “
.
