Processing Purposes

Research output: Contribution to conferenceAbstractAcademic


Commercial mobile apps and wearables aiming at health behaviour change are flourishing in the major app stores. These technologies enable people to monitor their own health by using (pressure) sensing technologies that measure vital signs (such as heartrate) and track progress (such as counting steps). The use of these so-called commercial ‘health apps’ within medical practice creates several legal challenges, such as reconciling with data protection laws and principles. Especially because the two major legal frameworks which regulate data protection in Europe, e.g. the General Data Protection Regulation (GDPR) and the Council of Europe’s Modernised Convention 108 , label these kinds of personal data as a special category of data, also referred to as sensitive data. These data protection regulations further provide that personal data can only be processed for specified, explicit and legitimate purposes. This is referred to as purpose limitation. Therefore, this research offers an analysis of the principle of purpose limitation in European data protection law and examines how privacy policies of health apps deal with this principle in practise so legal obstacles for using commercial health apps in a medical practise can be revealed. Furthermore, lawful ways to handle such obstacles will be discussed. This could increase adoption of commercial apps in clinical practice and affect the development of the next generation of health apps.
Original languageEnglish
Publication statusPublished - 2019
EventThe futures of eHealth: Social, legal and ethical challenges - Humboldt Institute for Internet and Society, Berlin, Germany
Duration: 29-Apr-201930-Apr-2019


ConferenceThe futures of eHealth
Internet address


  • data protection
  • health data
  • GDPR

Cite this