Data security is a subject of paramount importance in the Information Age. As modern society continues to lean further and further into utilising digital platforms and services for essential tasks, so too does our reliance on cybersecurity grow ever-stronger.
Our personal information is highly valuable to bad actors, and its misuse can prove costly – to say nothing of the violation of privacy, and the indignity of feeling insecure purely for using a service. As our devices get better and better at monitoring extremely personal health data, privacy policies must grow stronger to protect that information from being misused. Google is putting this into practice, with a new update to their policy relating to ‘health apps’.
The New Policy
Google have announced a Health App Policy update, designed to improve privacy and data protection within what has become a lucrative yet saturated field in the app space. The new Health App policy, slated to come into effect by the start of June 2024, updates some of the key requirements for app developers and publishers that fall within a wide set of parameters pertaining to health, fitness and data handling.
The move is a crackdown of sorts, designed to engender consumer confidence in a world where data is becoming increasingly valuable. Google’s approach to privacy regarding its own products is completely transparent for this reason – and a leaping-off point for the increased strictness of the Health App Policy.
Who Does It Apply To?
The scope of the Health App Policy means that its strictures apply to a relatively wide range of developers, publishers and businesses. As well as self-advertised health and fitness apps, and official medical diagnosis or treatment software, any app that accesses the health data of a given user will be beholden to the changes in Google policy.
As such, insurance-related apps, health survey questionnaires in commercial voucher sites, and even fitness game apps which utilise biometric data purely as a game mechanic could be liable. If you are developing an app, and suspect you will be gathering personal medical information from users for any reason, it would be worth liaising with a trusted solicitor specialising in data privacy law to ascertain your liability and to prepare for compliance.
Privacy Notices
The main content of the new policy relates to the updating and telegraphing of privacy notices. App developers and publishers must update their privacy policy to disclose – comprehensively – the collection, use, dissemination or even access of user data, in order to demonstrate to the customer that their information will be effectively shared with the app. In fringe cases where medical or biometric data is used for non-health or -fitness purposes, the privacy policy must comprehensively explain how said data is used.
Additional Requirements
The policy also adds a number of additional requirements, which aim to add extra layers of security to the harvesting and usage of medical or health data by apps and developers. These include submitting for advance notice where an app is government-affiliated, and fulfilment of all legal obligations where apps are geared towards research.