Storing potentially sensitive data: Best practices for app developers
Potentially sensitive data, such as that generated by wellbeing apps, is a "grey area" where the GDPR classification is open for interpretation.
“Data concerning health ... [is] personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status”.
(GDPR, art.4(15))
Because of a bug, Runkeeper, an activity tracking app, was collecting users' data even when the app was not in use. This was a huge data protection breach: the app gathered large quantities of data, which made the health status of its users easy to determine, and it was monitoring those users without their knowledge.
This sort of data collection is dangerous. If the data is analysed, it can lead to conclusions (whether accurate or inaccurate) about medical risks or the ability to perform certain types of activity. In this case, it is likely that such data is sufficient to infer the health status of a user.
How should I protect potentially sensitive data?
Fitness and wellbeing apps typically store data that is not used in a medical context. However, developers should still manage such data carefully, as if it were sensitive data. If potentially sensitive data is stolen or used in a different context, it can easily reveal a user's health information and violate their privacy.
How Chino.io helps
If you are not sure whether your data is sensitive, or if you want to reduce potential risks, Chino.io makes it easy to implement pseudonymisation and to use our systems to securely store the most sensitive data.