The role of law in protecting personal data generated by health apps and wearables

Discussions on the development of modern technologies often go hand in hand with questions relating to privacy and data protection. In health care, a similar situation occurs. Traditionally, the health care sector is a very closed and homogenised sector, especially regarding the personal data of patients. The personal data needed for treatment of patients used to stem from the doctor – patient relationship. Nowadays health applications (‘apps’) and wearables are an important part of our contemporary society. As a consequence of the popularity of commercial health apps and wearables, the tried and trusted homogenic structure of health data within a health care setting is subjected to change. Data sources are getting more heterogeneous. The questions regarding the development and use of health apps and wearables do not only impact legislative bodies. Health care institutions grapple with questions on whether they can use commercial health apps and wearables in a medical setting. The question whether they can ‘use’ these apps and wearables for medical diagnosis is not only related to legislation but is also related to technology. All these questions from the different sectors involved is what inspired this PhD thesis. One of the main findings of this research is that the data subjects of whom data are processed have the most to lose, due to the uncertainty that concerns health data protection and the lack of enforcement in practice.