Systematic Reviews and Meta Analysis

General Data Protection Regulation Compliance and Privacy Protection in Wearable Health Devices: Challenges and Solutions

Year 2024, Issue: 10, 29 - 37, 23.12.2024
https://doi.org/10.58252/artukluhealth.1566573

Abstract

Introduction: Wearable health devices have transformed personal health management by providing real-time monitoring and personalized care. However, the large amount of sensitive data collected by these devices poses significant privacy risks, particularly with regard to compliance with the General Data Protection Regulation (GDPR). The GDPR imposes strict requirements concerning consent, data minimization and the right to be forgotten. Ensuring GDPR compliance is a major challenge for developers and manufacturers of wearable health devices.
Methods: This article uses a systematic review to analyze the existing literature on GDPR compliance challenges in wearable health devices. Data were obtained from peer-reviewed studies, industry reports and legal analyses published between 2010 and 2024. Through thematic analysis, key themes were identified, focusing on consent management, data minimization, encryption and privacy-by-design strategies.
Results: The review revealed that security breaches and informed consent are the most significant challenges in ensuring GDPR compliance. Many wearable devices collect excessive amounts of data, which conflicts with the GDPR's data minimization principle. Privacy-by-design and encryption were identified as critical solutions, but these approaches lead to trade-offs in device functionality and user experience.
Conclusion: Addressing GDPR compliance in wearable health devices requires a balance between robust data protection and usability. Solutions such as privacy-by-design and encryption are essential but require careful implementation to avoid performance impacts. Future efforts should focus on improving user consent management and developing more efficient data governance frameworks.

Ethical Statement

As this study involved a review of the existing literature and did not include primary data collection, no formal ethical approval was required. Nevertheless, ethical considerations were upheld by ensuring that the findings were represented accurately and that all original sources were cited appropriately.

Supporting Institution

No financial support was received during this study.

General Data Protection Regulation Compliance and Privacy Protection in Wearable Health Devices: Challenges and Solutions

Year 2024, Issue: 10, 29 - 37, 23.12.2024
https://doi.org/10.58252/artukluhealth.1566573

Abstract

Introduction: Wearable health devices have transformed personal health management by providing real-time monitoring and personalized care. However, the vast amounts of sensitive data collected by these devices pose significant privacy risks, particularly with regard to compliance with the General Data Protection Regulation (GDPR). The GDPR enforces strict requirements around consent, data minimization, and the right to be forgotten. Ensuring GDPR compliance is a major challenge for developers and manufacturers of wearable health devices.
Methods: This study employs a systematic review to analyze current literature on GDPR compliance challenges in wearable health devices. Data were extracted from peer-reviewed studies, industry reports, and legal analyses published between 2010 and 2024. Key themes were identified through thematic analysis, focusing on consent management, data minimization, encryption, and privacy-by-design strategies.
Results: The review found that security breaches and informed consent are the most significant challenges in ensuring GDPR compliance. Many wearable devices collect excessive amounts of data, conflicting with GDPR's data minimization principle. Privacy-by-design and encryption were identified as critical solutions, though these approaches introduce trade-offs in device functionality and user experience.
Conclusion: Addressing GDPR compliance in wearable health devices requires a balance between robust data protection and usability. Solutions like privacy-by-design and encryption are essential but require careful implementation to avoid performance impacts. Future efforts should focus on improving user consent management and developing more efficient data governance frameworks.

Ethical Statement

As this study involved a review of existing literature and did not involve primary data collection, no formal ethical approval was required. However, ethical considerations were maintained by ensuring accurate representation of the findings and proper attribution to all original sources.

Supporting Institution

No external funding was used to support this research.

Details

Primary Language: English
Subjects: Health Promotion, Public Health (Other)
Journal Section: Reviews
Authors

Mazlum Özçağdavul (ORCID 0000-0002-7712-3549)

Publication Date: December 23, 2024
Submission Date: October 14, 2024
Acceptance Date: November 25, 2024
Published in Issue: Year 2024, Issue: 10

Cite

APA: Özçağdavul, M. (2024). General Data Protection Regulation Compliance and Privacy Protection in Wearable Health Devices: Challenges and Solutions. Artuklu Health, (10), 29-37. https://doi.org/10.58252/artukluhealth.1566573