In a 2014 EU consultation on mobile health services, participants called for better data encryption and authentication mechanisms in order to achieve a high level of security and privacy. Subsequently, the European Commission, in cooperation with representatives from civil society and the industry, has now established a Code of Conduct for developers of mHealth apps. The Code contains simple guidelines for collecting and using data in mHealth apps, including how data is secured. The aim is to promote the proper application of data protection legislation and to help increase trust in the market. A further aim is to raise developers’ awareness of how to create secure mHealth apps which process sensitive health data and, as a result, increase compliance with European data protection legislation.
The final draft is currently with the Article 29 Data Protection Working Party, an independent working party within the EU Commission which is responsible for advising on issues related to the processing of personal data. Once the code is approved, mHealth developers can start using the rules. However, the Code is not binding and foresees the voluntary participation of app developers. There is no check as to whether the criteria have actually been fulfilled. Therefore, it remains to be seen how the Code of Conduct will be used by app developers.
Code of Conduct: