{"title":"The mHealth Power Paradox: Improving Data Protection in Health Apps through Self-Regulation in the European Union","authors":"Hannah van Kolfschooten","doi":"10.2139/ssrn.3871033","DOIUrl":null,"url":null,"abstract":"An increasing number of EU citizens uses self-monitoring mHealth apps: apps used by consumers in a private setting to monitor their general health. The extensive processing of health data by these apps poses severe risks to users’ privacy. These risks are exacerbated by the inapplicability of the EU legal framework on health and patients’ rights to these apps. Furthermore, while the EU’s General Data Protection Regulation provides a solid legal framework for the protection of health data, in practice, many mHealth apps do not comply. In light of the lack of effective EU regulation, this paper examines the feasibility of self-regulation by app stores as a complementary form of regulation in order to improve the level of protection of EU mHealth app users. App stores already play an important role by regulating third-party mHealth apps distributed on their platforms in a top-down manner by means of app review procedures. In order to assess the effectiveness of these existing practices, a case study analysis is performed on the regulatory practices of Apple’s App Store and Google’s Google Play Store. 
This analysis is the basis for recommendations on how to strengthen current self-regulation initiatives by app stores in the context of health data protection.","PeriodicalId":139603,"journal":{"name":"Libraries & Information Technology eJournal","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Libraries & Information Technology eJournal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2139/ssrn.3871033","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1
Abstract
An increasing number of EU citizens use self-monitoring mHealth apps: apps used by consumers in a private setting to monitor their general health. The extensive processing of health data by these apps poses severe risks to users’ privacy. These risks are exacerbated by the inapplicability of the EU legal framework on health and patients’ rights to these apps. Furthermore, while the EU’s General Data Protection Regulation provides a solid legal framework for the protection of health data, in practice, many mHealth apps do not comply. In light of the lack of effective EU regulation, this paper examines the feasibility of self-regulation by app stores as a complementary form of regulation in order to improve the level of protection of EU mHealth app users. App stores already play an important role by regulating third-party mHealth apps distributed on their platforms in a top-down manner by means of app review procedures. In order to assess the effectiveness of these existing practices, a case study analysis is performed on the regulatory practices of Apple’s App Store and Google’s Google Play Store. This analysis is the basis for recommendations on how to strengthen current self-regulation initiatives by app stores in the context of health data protection.