-- WanTingHuang -second draft - 07 Dec 2020
We enjoy the convenience of the era of Internet, carrying our smartphone or smart-watch everyday and everywhere, and we give our behavior data and health data to businesses so easily. However, do you consent to disseminate your data? Have you imagined that what's next after your data being collected?
Any of your behavior, movement, and even every breath is valuable in this era. Through people’s locations, walking steps, burned calories, diet log, personal, heart rate, sleep stage, weight and water intake, companies of varieties of the industry can predict a person more precisely. For example, hundreds of insurance companies worldwide now launch “InsurTech” to do better actuary. Insurance companies collect clients' behavior and health data to analyze and calculate the insurance rate.
In my country, Taiwan, there was an insurance company starting to sell a personal insurance policy in 2019 that if clients consent to give their everyday footprints and other data from their Apple health app or Google Fit and fulfill some requirements, then the company will give extra 20% of the claim. They also encourage clients to provide health data on their smart devices as much as possible. After one year, now there are eight insurance companies with more than 33 policies that have similar spillover effect policy. Why those companies are so generous? Well, nothing comes for free! They collect clients’ data to lower their risk, predict claims, and also automatically market from your life-event – the most valuable information and more precise than doing market surveys themselves. That’s the “gold” for those companies.
In the digital era, "data" has become a "factor of production" alongside land, capital, and labor, and personal identity and behavior data are an important part of these data production factors. Data that can construct a person has becomes “gold.”
However, the key point is that there is an inequality in the usage of personal data. People think they own their data and enjoy the convenience of big data, but actually, most people are in “The Truman Show.” Those companies know you better than yourself, and they can predict your behaviors in advance.
If you won’t give your money to a bank without signing or reading regulations, why you could give your personal data to technology companies or other businesses so easily? Even did not read the privacy policy carefully before giving your data to them. Moreover, those personal behavior and health data could be sold to other companies for advertising and marketing purposes and a lot of people might not likely notice that. Once your data was disseminated, you lose your “gold.”
The most well-known laws and regulations regarding to personal behavior and health data are General Data Protection Regulation (GDPR) in Europe or Health Insurance Portability and Accountability Act (HIPAA) in America. Because those laws are more protective for individuals.
However, so far, people’s information in Taiwan is only protected by the Personal Data Protect Act (PDPA), which is less protective than GDPR and HIPAA. Under PDPA, personal data divides into "general personal data" and "special personal data." General personal data includes information that could identify a person, such as name, ID number, whereas special personal data specifically means data pertaining to a natural person's medical records, healthcare, genetics, sex life, physical examination and criminal records. The major difference between general and special personal data is that special personal data shall not be collected, processed or used unless under some exceptions (PDPA Article 6).
In addition, about the personal behavior and health information on your smartphone and portable devices, such as your fingerprints, steps, calories, ECG and breathe, are “general personal data” rather thar special personal data in Taiwan. It's tricky that although those personal data are fragile, they are not done by doctors or medical personals, and thus they are not under special catalog under Taiwanese regulations.
Under PDPA, such fragile data are classified into general personal data because it dons not be done by doctors or any medical personal. However, with the development of technology, e-health data can be as important as medical records. Therefore, e-health data should be special personal data.
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.