A law firm has called on EU regulators to rethink the impact of the forthcoming European General Data Protection Regulation (GDPR) on data generated by health trackers and other wearables, including the Apple Watch, Fitbit and Garmin fitness bands.
Osborne Clarke claims the new law, set to come into force from 2018, will stifle innovation in the technology sector while not differing greatly from the rules as currently laid out in the Data Protection Act of 1998.
Under the GDPR, the European Commission has said that better data protection rules will strengthen citizens’ rights and help to restore their confidence in how their personal data is treated – particularly online.
Research conducted by the law firm found that 55pc of the 4,000 or so people questioned would happily permit their data, such as sleep patterns, exercise regimes and heart rate information, to be used to recommend medication.
Research from IDC suggests around 173.4m wearables will be shipped by 2019, ranging from the Apple Watch to more basic trackers which do not run third-party apps.
“The rules do not appear to be changing dramatically from what they are currently. This is where the problem lies as a huge opportunity has been missed,” said Bleddyn Rees, consultant at Osborne Clarke.
“The Data Protection Act was created nearly twenty years ago; a long time before any of this technology even existed. The new laws need to be brought up to date in line with today’s connected world.
“Companies need to get their data collection correct now to ensure they pave the way for the future. We need to ensure that Data Protection regulations are clarified with rapidly advancing technology in mind to allow for personal data to be collected and used, in order to unlock the potential of digital health.”
The concept of data-based healthcare was particularly attractive to the 18-24 year-old age category questioned, 68pc of whom said they would like to be alerted to any potential health issues, while 62pc were also happy to be recommended medication from their wearable or health app.
The European Parliament voted through the stronger data protection rules in March 2014, which include a ‘right to be forgotten’, allowing citizens to delete their data from companies’ computer systems, and a ‘right to data portability’, making it easier for citizens to transfer their personal data between service providers.
The rules ban the transfer of data unless it is specified by EU law or a new EU-US pact and make it harder for US internet servers and social media sites to transfer European data to outside countries.
The new standards also carry large fines for any company that fails to comply.
“Smart use of health data is way more than just mapping heart rates and running distances, it can save lives if allowed to be used correctly. Unfortunately, the forthcoming legislation has the potential to nullify the potential of such technology by being overly restrictive,” said Jon Fell, partner at Osborne Clarke.
“A discussion is already taking place amongst manufacturers around self-regulation. However, governmental bodies need to come to the table to add the most important ingredients here, trust and clarity. They need to work with these smart companies to find a path forward.”