Enabling Privacy Policies for mHealth Studies

Pervasive sensing has enabled continuous monitoring of a user's physiological state through mobile and wearable devices, making large-scale user studies, such as those found in mHealth, practical. However, current mHealth studies are limited in their ability to let participants express privacy preferences over the data they share with the multiple entities involved in a research study. In this work, we present mPolicy, a privacy policy language in which study participants express the context-aware and data-handling policies that mHealth requires. In addition, we provide a privacy-adaptive policy creation mechanism for byproduct data (such as motion inferences). Lastly, we create a software library, privLib, that implements parsing and enforcement of mPolicy and policy creation for byproduct data. We evaluate the latency overhead of these operations and discuss future improvements for scaling to realistic mHealth scenarios.
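The abstract describes three mechanisms: a context-aware, data-handling policy per data stream, a derivation rule that gives byproduct data (an inference computed from raw streams) its own policy, and a parse-then-enforce library. The following Python is an added illustration of how those three pieces fit together; it is not mPolicy's syntax nor privLib's code. The `key: value` policy text, the `Context` fields (hour, coarse location), the "most restrictive of the inputs" derivation rule and the sample policies are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from functools import reduce
from typing import Dict, FrozenSet, Optional, Sequence


@dataclass(frozen=True)
class Context:
    """Runtime context a release request is evaluated against (assumed fields)."""
    hour: int        # local hour of day, 0..23
    location: str    # coarse location label supplied by the app, e.g. "home"


@dataclass(frozen=True)
class Policy:
    """A participant's data-handling policy for one data stream."""
    recipients: FrozenSet[str]            # entities allowed to receive the stream
    hours: FrozenSet[int]                 # hours of day during which release is allowed
    locations: Optional[FrozenSet[str]]   # None means any location
    retention_days: int                   # how long a recipient may keep the data

    def permits(self, recipient: str, ctx: Context) -> bool:
        """Context-aware check: recipient, time of day and location must all match."""
        if recipient not in self.recipients or ctx.hour not in self.hours:
            return False
        if self.locations is not None and ctx.location not in self.locations:
            return False
        return True

    def meet(self, other: "Policy") -> "Policy":
        """Most restrictive combination: intersect every allow-set, keep the shortest retention."""
        if self.locations is None:
            locations = other.locations
        elif other.locations is None:
            locations = self.locations
        else:
            locations = self.locations & other.locations
        return Policy(
            recipients=self.recipients & other.recipients,
            hours=self.hours & other.hours,
            locations=locations,
            retention_days=min(self.retention_days, other.retention_days),
        )


def parse_policy(text: str) -> Policy:
    """Parse a small 'key: value' policy text (assumed syntax for this example, not mPolicy's)."""
    fields: Dict[str, str] = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    start, end = (int(x) for x in fields["hours"].split("-"))  # half-open: "8-20" is 08:00..19:59
    locations = fields.get("locations", "any")
    return Policy(
        recipients=frozenset(r.strip() for r in fields["recipients"].split(",")),
        hours=frozenset(range(start, end)),
        locations=None if locations == "any" else frozenset(l.strip() for l in locations.split(",")),
        retention_days=int(fields["retention_days"]),
    )


def derive_byproduct_policy(inputs: Sequence[Policy]) -> Policy:
    """Privacy-adaptive rule (assumed): an inference computed from several raw streams is never
    shareable more widely, or kept longer, than the most restrictive of its input streams."""
    if not inputs:
        raise ValueError("a byproduct needs at least one input stream")
    return reduce(lambda a, b: a.meet(b), inputs)


def check_release(store: Dict[str, Policy], stream: str, recipient: str, ctx: Context) -> bool:
    """Enforcement hook: deny by default for any stream that has no policy."""
    policy = store.get(stream)
    return policy is not None and policy.permits(recipient, ctx)


# Constructed sample policies for two raw sensor streams (not from any real study).
HEART_RATE_POLICY = parse_policy("""
recipients: study_server, clinician
hours: 0-24
locations: any
retention_days: 365
""")

ACCELEROMETER_POLICY = parse_policy("""
recipients: study_server
hours: 8-20
locations: home, campus
retention_days: 30
""")

POLICY_STORE: Dict[str, Policy] = {
    "heart_rate": HEART_RATE_POLICY,
    "accelerometer": ACCELEROMETER_POLICY,
    # The stress inference is a byproduct of both raw streams, so its policy is derived, not authored.
    "stress_inference": derive_byproduct_policy([HEART_RATE_POLICY, ACCELEROMETER_POLICY]),
}

if __name__ == "__main__":
    ctx = Context(hour=9, location="home")
    print(check_release(POLICY_STORE, "stress_inference", "study_server", ctx))  # True
    print(check_release(POLICY_STORE, "stress_inference", "clinician", ctx))     # False
```

The point of the derivation step is that a participant only authors policies for the raw streams they understand; every inference a study pipeline later computes inherits a policy no looser than its inputs, so a clinician who may see heart rate but not accelerometer data cannot receive a stress score that was computed from both. The enforcement hook denies by default, so a stream that was never assigned a policy is not released.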
