UNIVERSITY of NOTRE DAME
A Sleeping Giant: mHealth Applications, the GDPR, and the Need for Federal Privacy Regulation in the United States
Kali Peeples*
Introduction
The creation and evolution of the smartphone has ushered in a technological marvel that is a double-edged sword: mobile health applications (mHealth apps). While this digitized tool enables people to access healthcare from the palms of their hands to track potentially life-threatening ailments or other health-related concerns, mHealth also necessitates the uploading of personal information to online databases that are rife with privacy issues. As mHealth becomes more integrated within society and healthcare, it is imperative to highlight how privacy legislation from around the world is aiming to combat these issues to create a safe environment for consumers. An analysis of privacy regulation concerning mHealth apps is a multifaceted process that requires the examination of changes within not only the healthcare space but also the technological world, as well as the legislative history and intent of various nations.
Part I focuses on the development and rapid creation of mHealth apps within the past decade. Part II seeks to illustrate the distinct privacy concerns of mHealth apps by concentrating on the evolution of the physician-patient dynamic and the digitalization and personalization of healthcare. Once the privacy issues of mHealth are illustrated, this piece turns to privacy legislation from multiple countries that aims to combat these concerns. Part III concentrates on the current American piecemeal approach of having federal acts and state-specific privacy laws to protect American consumers. As this deficient approach does not account for the vast array of different types of mHealth apps, nor the plethora of information that each app gathers, Part IV looks towards Europe for a potential solution. This part details the European Union’s General Data Protection Regulation and how this regulation assigns extra protections and privileges to sensitive health data. As European Union countries can enact stricter provisions where the General Data Protection Regulation falls silent, Part IV also examines Germany’s conservative approach regarding health data privacy protections, as well as Finland’s liberal approach.
The main issue being addressed in this paper is whether the United States should create nationwide legislation that directly relates to mHealth data protection or continue with a self-regulatory method. Part V illustrates the pros and cons of each argument to determine which approach will sufficiently address American consumers’ concerns surrounding the protection of their health data. Ultimately, this piece argues that the United States should create legislation that resembles the European Union’s General Data Protection Regulation to account for the rapidly evolving technological world.
References
* Juris Doctor Candidate, Notre Dame Law School, 2024; Bachelor of Arts in Biology and Africana Studies, Bucknell University, 2021. Many thanks to Professor Sadie Blanchard for her guidance and encouragement as my advisor for this Note, and to my colleagues on the Notre Dame Journal on Emerging Technologies for their hard work in editing and providing feedback for this piece. I also want to express my sincere love and appreciation to my family and friends. Thank you for your continuing support throughout my law school journey.
Notre Dame Journal on Emerging Technologies ©2020