Meet the expert: Matt Collinge to speak at PrivSec Global

Streaming live November 29 and 30, PrivSec Global unites experts from both Privacy and Security, providing a forum where professionals across both fields can listen, learn and debate the central role that Privacy, Security and GRC play in business today.

Matt Collinge is Principal Consultant within Data Privacy, Security and Ethics at Slalom. Matt has worked with teams across a variety of industries to find sustainable solutions. He holds a particular passion for Financial Services, E-Commerce, and Technology, and uses a highly personable style to understand issues and provide meaningful solutions.

Matt Collinge appears exclusively at PrivSec Global to discuss data used in health apps, looking at what lawmakers and the health industry should be doing to give users stronger privacy protection.

Below, Matt talks about his career to date and introduces some of the key themes of his PrivSec Global panel session.

Could you outline your professional pathway so far?

At the start of my career, I was a risk and compliance professional, which incorporated data and analytics as well. I then fell into data protection around 2017 whilst working for a railway supplier.

I just fell in love with the job and things snowballed and I got more opportunities, before moving to PwC in 2018 as a data protection consultant based out of London.

Following this, I joined the MoneySupermarket Group as their Data Protection Manager, managing their companywide Privacy Framework. I then moved to Slalom after a bit of a break in insurance. Once again, my role involves consultation – as part of Slalom’s Privacy, Security & Ethics practice.

Do health apps and digital health services specifically represent a problem area when it comes to protecting user data?

When it comes to safeguarding user data, health apps and digital health services pose potential challenges. There are two aspects to consider—neither is entirely risk-free. On one hand, utilizing wearable or device data in medical product development or patient outcome analysis presents a significant opportunity to enhance patient outcomes and expedite research into treatments/medicines.

However, there’s a risk in the data’s journey from wearables to storage, with potential corruption or amendments along the way. Ensuring a transparent data lineage is crucial, especially for future use cases like trials or additional information.

On the other hand, the integration of health data for advertising purposes is notably high risk. The belief that more data benefits advertising can be intrusive and lead to inaccurate outcomes, there’s also a massive purpose limitation problem. Maintaining visibility into data usage becomes challenging, leaving patients unsure of how their data is utilized and what actions they can take. 

It’s essential to distinguish these two aspects in our discussions—promoting positive patient outcomes while preventing intrusive advertising that may be detrimental to data subjects’ interests.

What major issues or events have brought us to this situation?

The current situation can be attributed to a mix of regulatory and cultural factors, particularly in advertising. Digital advertising relies on vast data processing, presenting complexities in data flow and access within the ad tech space. The design of applications has often overlooked the sensitivity and potential impact of certain data on individuals, lacking appropriate categorisation.

Regulators need to intervene here, differentiating regulations between general ad tech and health applications within the ad tech space. In the healthcare industry, proactive measures can be taken to leverage data for positive patient outcomes, supporting providers and pharmaceutical companies. I think it’s crucial that we establishing a standard playbook for industry practices, focused on data minimisation.

When it comes to advertising, increased regulation is needed necessary to protect against unintended negative outcomes; educating organisations rather than assuming harmful intent can be more impactful.

Addressing the issue of health apps and data use requires transparency and clear communication. Users should be made aware of how wearables and health apps operate and be given real choices over their data.

Sharing data between platforms, as seen with Garmin and Strava, underscores the importance of identifying an appropriate lawful basis for specific data points and use cases. A must is providing clarity to users about data usage and business operations to build consumer trust.