Sooner or later, all data turns into health data

What would this protection need to look like?

Direct health data, for example from medical examinations, requires explicit consent from the affected person to be used further. But in the case of other data, the affected person is not even informed that it could be processed for health-related questions. That might be hidden in legalese in the terms and conditions, but usually these are far too long and too complex for the majority of users to read. There’s no way that’s informed consent.

How could it be done better?

There’s been some discussion about a nutrion lable like system or comics that give people who aren’t familiar with legal jargon a clear picture of the terms they’re agreeing to.

Informing people is one thing, but usually there’s no other option than to give your consent if you want to use a service.

That’s true. In addition, we’re under social pressure to use certain apps. Think of how many things are organized through WhatsApp groups by default nowadays, or the young people who use Instagram because all their friends are doing it, too. Informing them how their data is being used would be an important first step. Asking for consent especially needs to become more dynamic. It has to function retroactively and for the future.

What do you mean by that?

On the one hand, the digitization of paper archives is making new data sets accessible and the people affected could not possibly have imagined at the time how the data could be exploited by current analytical methods. In some cases, these people have died by now, but their living relatives could still be affected by the consequences of this data analysis. On the other hand, past and present data could still allow unforeseen conclusions to be drawn about health in the future. Mechanisms for obtaining consent must therefore cover past, present, and future data along with its present and future use.

That sounds like a difficult task to achieve.

The challenge is to regulate not only the collection of data, but also its use, in a more dynamic way. Even if private individuals agree to the terms and conditions for digital offers, providers should obtain their consent again if the providers want to analyze the data for new purposes, especially for health research.

From your perspective as an ethicist, what are the key points to bear in mind?

Especially when it comes to the big tech companies, we need better international coordination of laws that obligate corporations to create genuine transparency about the use of data and so ensure data subjects’ right to self-determination. From an ethical perspective, data privacy should actually be a human right: no one should suffer harm because of the use of their data. That’s why health data, whether direct or indirect, requires special protection.