Towards a Code of Conduct on Privacy for mHealth to Foster Trust Amongst Users of Mobile Health Applications

  • Eugenio Mantovani
  • Joan Antokol
  • Marian Hoekstra
  • Sjaak Nouwt
  • Nico Schutte
  • Pēteris Zilgalvis
  • J.-P. Castro Gómez-Valadés
  • Claudia Prettner
Part of the Law, Governance and Technology Series book series (LGTS, volume 36)


mHealth has the potential to transform health care by providing more timely and universal access to patients’ and users’ data. However, the potential for continuous patient monitoring and the ubiquitous exchange of sensitive health information, raise important questions about privacy and security. A recent development in the ongoing debate about privacy and mHealth is the Draft Code of Conduct on privacy for mobile health applications. Developed by mHealth industry organisations and facilitated by the European Commission, the Code is expected to foster trust amongst users of mobile applications processing data concerning health (at least where the developers of an mHealth app abide by the Code). This chapter’s aim is to present the Code, and, on this basis, analyse the EU’s legal framework on mobile technologies processing personal data, including health data.


Personal Data Data Protection Working Party Mobile Health Monitoring Body 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The authors would like to thank the Brussels Institute for Research and Innovation (INNOVIRIS, BE) and the Royal Dutch Medical Association, KNMG (NL) for organising the panel on mHealth at the CPDP conference 2016, on which this contribution is based.


  1. Article 29 Data Protection Working Party “Opinion 15/2011 on the definition of consent”, 2011Google Scholar
  2. Article 29 Working Party “Opinion 02/2013 on apps on smart devices”, 2013Google Scholar
  3. Article 29 Working Party, “Advice paper on special categories of data (“sensitive data”), (2011);Google Scholar
  4. Article 29 Working Party, Letter to Paul Timmers (Director of Sustainable and Secure Society Directorate), Annex I – health data in apps and devices, Letter and Annex regarding health data in apps and devices, (5 February 2015).Google Scholar
  5. Article 29 Working Party, “Opinion 02/2013 on apps on smart devices”, (2014)Google Scholar
  6. Beauchamp, Tom L., and James F. Childress. Principles of Biomedical Ethics. 7th ed. New York: Oxford University Press, 2001.Google Scholar
  7. Bloomberg Business, “Thousands of Apps Secretly Run Ads That Users Can’t See”, by Joshua Burstein, 23 July 2015. (download 23.03.2016)
  8. Blue Chip Marketing Worldwide, “Leveraging Mobile Health Technology for Patient Recruitment”, (2012).Google Scholar
  9. Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, 20.01.1981, No. 108Google Scholar
  10. Davis, Fred D. “Perceived usefulness, perceived ease of use, and user acceptance of information technology.” MIS quarterly (1989): 319–340.Google Scholar
  11. De Hert Paul and Vagelis Papakonstantinou. “The proposed data protection Regulation replacing Directive 95/46/EC: A sound system for the protection of individuals.” Computer Law & Security Review, Volume 28, Issue 2, 2012: 130–142.Google Scholar
  12. DerSpiegel, “iSpy: How the NSA Accesses Smartphone Data”, by Marcel Rosenbach, Laura Poitras and Holger Stark (9 September 2013)Google Scholar
  13. Ellul Jacques. The Technological Society. New York: Vintage Books, 1964.Google Scholar
  14. EU Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)Official Journal L 201, 31/07/2002 P. 0037–0047Google Scholar
  15. EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such dataOfficial Journal L 281, 23/11/1995 P. 0031–0050Google Scholar
  16. EU Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)Google Scholar
  17. European Commission, “Draft Code of Conduct on privacy for mobile health applications” (mHealth privacy Code of Conduct Code (2016)
  18. European Commission. “Staff Working Document on the existing EU legal framework applicable to lifestyle and well-being apps” (4 October 2014a);Google Scholar
  19. European Commission. “Unlocking the potential for mHealth (mobile health) in the EU.” Green Paper on mobile health (mHealth) (COM(2014) 219 final of 10.4.2014b)
  20. European Court of Human Rights, Z v. Finland, judgment of 25 February 1997.Google Scholar
  21. European Data Protection Supervisor (EDPS), “Opinion 1/2015”, 21 May 2015Google Scholar
  22. Eurostat. “Information society statistics.” (2012). Retrieved on 17 March 2016 from:;
  23. Financial Times, “Health apps run into privacy snags.” (09.2013)Google Scholar
  24. Goering, Sara. “Autonomy.” Ethics, Science, Technology, and Engineering: A Global Resource. Ed. J. Britt Holbrook. 2nd ed. Vol. 1. Farmington Hills, MI: Macmillan Reference USA, 2015. 168–171. Gale Virtual Reference Library. Web. 2 Oct. 2014Google Scholar
  25. Gutwirth, Serge. 2012. “Short statement about the role of consent in the European data protection directive” The Selected Works of Serge GutwirthGoogle Scholar
  26. Heimes, Rita, “Top 10 operational impacts of the GDPR: Part 9 – Codes of conduct and certifications” The Privacy Advisor, Westin Research Center 24 February 2016
  27. Jasmontaite, Lina and Paul De Hert, “The EU, children under 13 years, and parental consent: a human rights analysis of a new, age-based bright-line for the protection of children on the Internet.” International Data Privacy Law, 5(1) (2015): 20–33.Google Scholar
  28. KNMG, Medical App Checker: a Guide to assessing Mobile Medical Apps. News message, 15 February, 2016. On internet:
  29. Mantovani, Eugenio and Paul Quinn. “mHealth and data protection–the letter and the spirit of consent legal requirements.” International Review of Law, Computers & Technology, 28(2) (2014): 222–236.CrossRefGoogle Scholar
  30. Mantovani Eugenio, Guihen Barry Barton, Quinn Paul, Habbig Ann-Katrin, De Hert Paul, “eHealth to mHealth. A Journey Precariously Dependent upon Apps?” (Brussels: European Journal of ePractice, 2013): 48–66.Google Scholar
  31. Milieu Ltd. “Overview of the national laws on electronic health records in the EU Member States and their interaction with the provision of cross-border eHealth services”, July 2014 / 36Google Scholar
  32. Njie, Lie C. M. “Technical Analysis of the Data Practices and Privacy Risks of 43 Popular Mobile Health and Fitness Applications.” Privacy Rights Clearinghouse (2013).Google Scholar
  33. PBS newshour. “Has health care hacking become an epidemic?” (2013).Google Scholar
  34. Quinn, Paul. “The Use of Anonymisation Techniques to Allow Patient Data to be Used for Research Processes – A Reflection on the Recent Article 29 Working Party Opinion.” In: Fifth European Conference on Health Law, 2015, Book of Abstracts,: 23. (forthcoming publication in European Journal of Health Law)Google Scholar
  35. Royston, G., Hagar, C., Long, L. A., McMahon, D., Pakenham-Walsh, N., Wadhwani, N., & mHIFA Working Group. “Mobile health-care information for all: a global challenge.” The Lancet Global Health, 3(7) (2015), e356-e357.Google Scholar
  36. Conseil national de l’Ordre des médecins (CNOM), Santé Connecté. French Livre Blanc du Conseil national de l’Ordre des médecins (2015).Google Scholar
  37. Schnall, Rebecca, Tracy Higgins, William Brown, Alex Carballo-Dieguez, and Suzanne Bakken. “Trust, Perceived Risk, Perceived Ease of Use and Perceived Usefulness as Factors Related to mHealth Technology Use.” 216 Studies in health technology and informatics (2014): 467–471.Google Scholar
  38. Sunyaev, Ali, Tobias Dehling, Patrick L Taylor, Kenneth D Mandl. “Availability and quality of mobile health app privacy policies.” J Am Med Inform Assoc. 22(e1) (2015): 28–33.Google Scholar
  39. The Telegraph, “Doctors told to prescribe smartphone apps to patients”, by Murray Wardrop, 22 July 2012Google Scholar
  40. The Verge, n.d.Google: Android app downloads have crossed 50 billion, over 1 M apps in Play” by C. Welch.
  41. Techcrunch, “The average age for a child getting their first smartphone is now 10.3 years”, 19 May 2016, by Jay Donovan. (10.06.2016)
  42. The Guardian, “Nearly one in 10 children gets first mobile phone by age five, says study”, 23 August 2013. (10.06.2016).
  43. USA, Federal Trade Commission (FTC). “Staff report Mobile Privacy Disclosures, Building Trust Through Transparency”. (2013),
  44. Warsaw declaration on the “appification” of society. Warsaw, Poland, 24 September 2013Google Scholar
  45. Welch, C. “Google: Android app downloads have crossed 50 billion, over 1 M apps in Play.” The Verge (2013). Retrieved on 18 March October from:
  46. Wright, David and Paul De Hert, Privacy Impact Assessment. The Netherlands: Springer, 2012.Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Eugenio Mantovani
    • 1
  • Joan Antokol
    • 2
  • Marian Hoekstra
    • 3
  • Sjaak Nouwt
    • 4
  • Nico Schutte
    • 5
  • Pēteris Zilgalvis
    • 6
  • J.-P. Castro Gómez-Valadés
    • 7
  • Claudia Prettner
    • 8
  1. 1.Law, Science, Technology & Society Studies (LSTS), Faculty of Law & CriminologyVrije Universiteit BrusselBrusselsBelgium
  2. 2.Park Legal LLCIndianapolisUSA
  3. 3.Health PolicyRoyal Dutch Medical Association (KNMG)UtrechtThe Netherlands
  4. 4.Health LawRoyal Dutch Medical Association (KNMG)UtrechtThe Netherlands
  5. 5.PhilipsAmsterdamThe Netherlands
  6. 6.Head of Unit, Startups and Innovation, Digital Single Market DirectorateEuropean CommissionBrusselsBelgium
  7. 7.Unit H.1 – Health & Well-Being, European CommissionBrusselsBelgium
  8. 8.European CommissionBrusselsBelgium

Personalised recommendations