Streaming live November 29 and 30, PrivSec Global unites experts from both Privacy and Security, providing a forum where professionals across both fields can listen, learn and debate the central role that Privacy, Security and GRC play in business today.
Matt Collinge is Principal Consultant within Data Privacy, Security and Ethics at Slalom. Matt has worked with teams across a variety of industries to find sustainable solutions. He holds a particular passion for Financial Services, E-Commerce, and Technology, and uses a highly personable style to understand issues and provide meaningful solutions.
Below, Matt talks about his career to date and introduces some of the key themes of his PrivSec Global panel session.
- Healthy data - Day 2, Thursday 30th November, 13:30 – 14:15 GMT
Could you outline your professional pathway so far?
At the start of my career, I was a risk and compliance professional, which incorporated data and analytics as well. I then fell into data protection around 2017 whilst working for a railway supplier.
I just fell in love with the job and things snowballed and I got more opportunities, before moving to PwC in 2018 as a data protection consultant based out of London.
Following this, I joined the MoneySupermarket Group as their Data Protection Manager, managing their companywide Privacy Framework. I then moved to Slalom after a bit of a break in insurance. Once again, my role involves consultation – as part of Slalom’s Privacy, Security & Ethics practice.
Do health apps and digital health services specifically represent a problem area when it comes to protecting user data?
When it comes to safeguarding user data, health apps and digital health services pose potential challenges. There are two aspects to consider—neither is entirely risk-free. On one hand, utilizing wearable or device data in medical product development or patient outcome analysis presents a significant opportunity to enhance patient outcomes and expedite research into treatments/medicines.
However, there’s a risk in the data’s journey from wearables to storage, with potential corruption or amendments along the way. Ensuring a transparent data lineage is crucial, especially for future use cases like trials or additional information.
On the other hand, the integration of health data for advertising purposes is notably high risk. The belief that more data benefits advertising can be intrusive and lead to inaccurate outcomes; there’s also a massive purpose limitation problem. Maintaining visibility into data usage becomes challenging, leaving patients unsure of how their data is utilized and what actions they can take.
It’s essential to distinguish these two aspects in our discussions—promoting positive patient outcomes while preventing intrusive advertising that may be detrimental to data subjects’ interests.
What major issues or events have brought us to this situation?
The current situation can be attributed to a mix of regulatory and cultural factors, particularly in advertising. Digital advertising relies on vast data processing, presenting complexities in data flow and access within the ad tech space. The design of applications has often overlooked the sensitivity and potential impact of certain data on individuals, lacking appropriate categorisation.
Regulators need to intervene here, differentiating regulations between general ad tech and health applications within the ad tech space. In the healthcare industry, proactive measures can be taken to leverage data for positive patient outcomes, supporting providers and pharmaceutical companies. I think it’s crucial that we establish a standard playbook for industry practices, focused on data minimisation.
When it comes to advertising, increased regulation is needed to protect against unintended negative outcomes; educating organisations rather than assuming harmful intent can be more impactful.
Addressing the issue of health apps and data use requires transparency and clear communication. Users should be made aware of how wearables and health apps operate and be given real choices over their data.
Sharing data between platforms, as seen with Garmin and Strava, underscores the importance of identifying an appropriate lawful basis for specific data points and use cases. A must is providing clarity to users about data usage and business operations to build consumer trust.
Managing health data, especially in the context of digital health services, wearables, and health apps, remains a critical topic, particularly in light of the ongoing global health concerns.
Health app users are largely unprotected from having their data passed along to tech giants and marketing companies that might target them with ads.
What are lawmakers and the healthcare industry doing, or what should they be doing, to regulate the industry and protect all types of patient privacy?
Get to the edge of the conversation, only at PrivSec Global.
Also on the panel:
- Marta Dunphy-Moriel, Founder, Dunphy-Moriel Legal Services LTD (Panel Host)
- Diogo Duarte, Data Protection Officer, The European Society for Immunodeficiencies (ESID)
- Gene Price, Attorney at Law, Frost Brown Todd LLP | US member of the PrivacyRules Alliance
- Session: Healthy data
- Time: 13:30 – 14:15 GMT
- Date: Day 2, Thursday 30 November 2023
Discover more at PrivSec Global
As regulation gets stricter – and data and tech become more crucial – it’s increasingly clear that the skills required in each of these areas are not only connected, but inseparable.
Exclusively at PrivSec Global on 29 & 30 November 2023, industry leaders, academics and subject-matter experts unite to explore these skills and the central role they play in privacy, security and GRC.