Digital health fiduciaries: protecting user privacy when sharing health data

Wearable self-tracking devices capture multidimensional health data and offer several advantages, including new ways of facilitating research. However, they also create a conflict between individual interests in avoiding privacy harms and collective interests in assembling and using large health data sets for public benefit. While some scholars argue for transparency and accountability mechanisms to resolve this conflict, an average user is not adequately equipped to access and process information relating to the consequences of consenting to further uses of her data. As an alternative, this paper argues for fiduciary relationships, which put deliberative demands on digital health data controllers to keep the interests of their data subjects at the forefront as well as cater to the contextual nature of privacy. These deliberative requirements ensure that users can engage in collective participation and share their health data at a lower risk of privacy harms. This paper also proposes a way to balance the flexible and open-ended nature of fiduciary law with the specific nature and scope of fiduciary duties that digital health data controllers should owe to their data subjects.
