The mHealth Power Paradox Improving Data Protection in Health Apps through Self-Regulation in the European Union (in: Innovation and Protection: The Future of Medical Device Regulation, eds. I. Glenn Cohen; Timo Minssen; W. Nicholson Price II; Christopher T. Robertson; Carmel Shachar)

An increasing number of EU citizens uses self-monitoring mHealth apps. The extensive processing of health data by these apps poses severe risks to users’ personal autonomy. These risks are further compounded by the lack of specific EU regulation of mHealth and the inapplicability of the EU legal framework on health and patients’ rights, including the Medical Devices Regulation. While the General Data Protection Regulation provides a solid legal framework for the protection of health data, in practice, many mHealth apps do not comply. This chapter examines the feasibility of self-regulation by app stores as a complementary form of regulation in order to improve the level of protection of EU mHealth app users. App stores already play an important role by top-down regulating third-party mHealth apps distributed on their platforms by means of app review procedures. In order to assess the effectiveness of these existing practices, a case study analysis is performed on the regulatory practices of Apple’s App Store and Google’s Google Play. This analysis is used to provide recommendations on how to strengthen current self-regulation initiatives by app stores in the context of health data protection.