Law in the Internet Society

When Your Health and Personal Behavior Become Big Data, What Happened?

-- WanTingHuang -second draft - 07 Dec 2020

We enjoy the convenience of the era of Internet, carrying our smartphone or smart-watch everyday and everywhere, and we give our behavior data and health data to businesses so easily. However, do you consent to disseminate your data? Have you imagined that what's next after your data being collected?

1. Turn Your Behavior and every Breath into the Gold

Any of your behavior, movement, and even every breath is valuable in this era. Through people’s locations, walking steps, burned calories, diet log, personal, heart rate, sleep stage, weight and water intake, companies of varieties of the industry can predict a person more precisely. For example, hundreds of insurance companies worldwide now launch “InsurTech” to do better actuary. Insurance companies collect clients' behavior and health data to analyze and calculate the insurance rate.

In my country, Taiwan, there was an insurance company starting to sell a personal insurance policy in 2019 that if clients consent to give their everyday footprints and other data from their Apple health app or Google Fit and fulfill some requirements, then the company will give extra 20% of the claim. They also encourage clients to provide health data on their smart devices as much as possible. After one year, now there are eight insurance companies with more than 33 policies that have similar spillover effect policy. Why those companies are so generous? Well, nothing comes for free! They collect clients’ data to lower their risk, predict claims, and also automatically market from your life-event – the most valuable information and more precise than doing market surveys themselves. That’s the “gold” for those companies.

2. Gold for You, or Gold for Business

In the digital era, "data" has become a "factor of production" alongside land, capital, and labor, and personal identity and behavior data are an important part of these data production factors. Data that can construct a person has becomes “gold.”

However, the key point is that there is an inequality in the usage of personal data. People think they own their data and enjoy the convenience of big data, but actually, most people are in “The Truman Show.” Those companies know you better than yourself, and they can predict your behaviors in advance.

If you won’t give your money to a bank without signing or reading regulations, why you could give your personal data to technology companies or other businesses so easily? Even did not read the privacy policy carefully before giving your data to them. Moreover, those personal behavior and health data could be sold to other companies for advertising and marketing purposes and a lot of people might not likely notice that. Once your data was disseminated, you lose your “gold.”

3. Laws and Regulations Related to Health and Personal Behavior in Taiwan

3.1. General and Special Personal Data

Regarding to InsurTech? and people’s behavior collection, gig data is not utterly wrong. It could help our society only as we the people could have the alternative to decide whether we want to give, whom much we want to give, and when we want to call it off and get them back.

The most well-known laws and regulations regarding to personal behavior and health data are General Data Protection Regulation (GDPR) in Europe or Health Insurance Portability and Accountability Act (HIPAA) in America. Because those laws are more protective for individuals.

However, so far, people’s information in Taiwan is only protected by the Personal Data Protect Act (PDPA), which is less protective than GDPR and HIPAA. Under PDPA, personal data divides into "general personal data" and "special personal data." General personal data includes information that could identify a person, such as name, ID number, whereas special personal data specifically means data pertaining to a natural person's medical records, healthcare, genetics, sex life, physical examination and criminal records. The major difference between general and special personal data is that special personal data shall not be collected, processed or used unless under some exceptions (PDPA Article 6).

In addition, about the personal behavior and health information on your smartphone and portable devices, such as your fingerprints, steps, calories, ECG and breathe, are “general personal data” rather thar special personal data in Taiwan. It's tricky that although those personal data are fragile, they are not done by doctors or medical personals, and thus they are not under special catalog under Taiwanese regulations.

3.2. Do You Consent?

One of the exceptions under PDPA Article 6 is that a person has consented to the collection, processing and use of his/her personal data in writing. Regarding “consent in writing,” it may be given in an electronic form with a digital signature. On the contrary, if it’s general personal data, a simple click of “consent” would fulfill the requirement under PDPA.

Under PDPA, such fragile data are classified into general personal data because it dons not be done by doctors or any medical personal. However, with the development of technology, e-health data can be as important as medical records. Therefore, e-health data should be special personal data.

3.3. What’s next

When the purpose of collecting or processing personal data has been achieved and there is no need to keep the data, the data subject has the right to request the data controller to delete the data immediately, and the data controller is obliged to delete the data immediately. It should be people’s right to delete their data.

4. Convenience and Privacy Are Not Contradictory

Technology is neutral. The key point is how people control the information acquisition and dissemination. Especially the data that could identify a person, it is so fragile that should require special protection. Moreover, there is a false dilemma between privacy and convenience. Privacy and convenience should not be opposed. We can improve our life through legal, educational, and technical perspectives. It’s not a black and white choice, and people can and should enjoy both of them at the same time!

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r3 - 07 Dec 2020 - 04:23:51 - WanTingHuang
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM