Diagnostics: Data and Processing

Attention, the suggested results correspond to the answers checked. They provide an initial insight but they are no substitute for the personalised and in-depth analysis that a legal or regulatory expert can provide

Where does your digital service fit in?

The health field

The leisure and wellness field

The borderline between wellness and health

The line between health and wellness can be vague, especially if you are marketing a so-called "frontier" product.

Think carefully about the purpose of your service and especially about the types of data used/collected/processed: this will determine the use that can be made of these data, and how they are managed.

As a reminder:

Personal data are:
"any information relating to an identified or identifiable natural person."

Health data are:
"personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information about that person's state of health," in other words all data relating to the past, present or future physical or mental health of the data subject.

If these are classified as health data, because of the sensitive nature of the data, a stricter legal regime applies to the "processing" of these data in the meaning of the GDPR: their collection, storage, use, transmission, etc.

In particular, health data includes information:

  • about the natural person collected when that natural person is enrolled for health care services or when those services are provided: a specific number, symbol, or element assigned to a natural person to uniquely identify him or her for health care purposes;
  • obtained from the testing or examination of a body part or bodily substance, including from genetic data and biological samples;
  • concerning a disease, disability, risk of disease, medical history, clinical treatment or physiological or biomedical condition of the individual, for example, regardless of its source, such as from a physician or other health care professional, hospital, medical device or in vitro diagnostic test.


Regulations:

Introductory item 35 and Article 4 of the GDPR (Regulation No. 2016/679, known as the General Data Protection Regulation).
Articles 6, 64 et seq. of the Law No. 78-17 of 6 January 1978, known as the French “Data Protection Act” as amended


Useful links:

CNIL: https://www.cnil.fr/fr/quest-ce-ce-quune-donnee-de-sante

Practical guide

You don't know how to answer, the keys for choosing

You don't know how to answer, the keys for choosing

Try to classify the data in one of the following three categories:

  1. Those which are health data by nature: medical history, illnesses, health care services provided, test results, treatments, disabilities, etc.
  2. Those which, because of their cross-referencing with other data, become health data in that they make it possible to draw a conclusion about a person's state of health or health risk: cross-referencing of a weight measurement with other data (number of steps, measurement of caloric intake, etc.), etc.
  3. Those that become health data because of their intended use, namely the use that is made of them from a medical point of view.

Examples

Service / product in the Health field:

  1. You design a pedometer activity tracker measuring your cardiac frequency (ECG), this is health data that can help establish recommendations on sports activities for the user.
  2. You design a pedometer activity tracker measuring the frequency and speed of walking of the user, who has input his/her name, weight, age, tobacco consumption, the presence of asthma and allergies so that the service/ products can establish recommendations on sports activities for the user.
  3. You design a pedometer activity tracker that measures only your frequency and speed of walking. The data are transmitted to a healthcare professional and helps him/her to monitor the health status of the user. The use made of a simple recording of speed and frequency of walking is enough to characterise this as health data.


Service / product in the Wellness field:

You design a pedometer that measures only your walking frequency and speed in order to establish recommendations on the sport activity of the user.

Go back to the previous question