Researchers: How to Leverage Personal Data and Still Protect Privacy
Oct 24, 2019, 2:00 PM, Posted by Paul Tarini
The popularity of app-based research studies has soared, although plunging public trust in commercial technology companies could dampen enthusiasm and upend science if researchers don’t act quickly.
Nefarious cases of data sharing and data breaches are in the headlines on an uncomfortably regular basis. One recent exposé found period tracking apps were sending extremely personal information about millions of women directly to Facebook without their knowledge. This comes in conjunction with all-too-frequent corporate hacks—from credit cards to electronic health records and more—that leave consumers vulnerable and scrambling to reset passwords and freeze accounts.
It’s a constant drumbeat that is feeding a climate of concern around our data: who has it, how safe it is, what it is being used for.
Against this tumultuous backdrop, researchers around the world are launching studies that rely on smart phone apps and other digital devices to collect data. The hope is that these digital tools—and the data we provide through them—will enable more people to participate in studies and help accelerate medical discovery. But if researchers don’t act quickly, this turmoil around data privacy could upend their work.
There’s an App for That
Smart phones and devices such as the Apple Watch are proving to be valuable data collection tools for researchers. They’re enabling easy collection of information from people as they go about their lives, offering insight far beyond what’s reported in the doctor’s office. And they do this data collection at a fraction of the cost of more traditional studies.
A great example of this is mPower, an app-based study of Parkinson’s disease which was built with Apple’s ResearchKit. People make use of the phone’s sensors to track their symptoms—from memory to speech to balance.
More than 16,000 people are enrolled in the app study, sharing millions of data points on the daily changes in symptoms and effects of medication for people with Parkinson’s. This staggering amount of data is a stark contrast to most Parkinson’s studies which typically rely on data from fewer than 100 people.
Excited by their potential to help us understand more about health and speed up progress toward better treatments and cures, RWJF funded a number of projects beginning in 2013 that enabled people to contribute their data to research efforts.
Privacy Concerns Could Prove to Be a Major Stumbling Block for Research
Judging by the thousands of people who have signed up to participate, app-based studies are particularly attractive, though current events are creating new challenges for this young field.
In today’s environment, people may think twice or thrice before signing up for a study that uses an app on their phone to collect data from them. In fact, some researchers say that prospective research subjects have been “scared off” by all the recent data breaches and violations of privacy.
Even when researchers have successfully recruited people to contribute data, the portion who drop out has been staggering—as high as nine out of 10. This should not be a total surprise. Marketing research shows the longer people own activity trackers, the less they use them and fully one-third have stopped using them altogether by six months. Add to that the cloud of mistrust and repeated assaults on privacy, it’s easy to imagine why there’s so much drop off.
Three Things That Researchers Can Do Now
So what can researchers do?
Conversations with leading app-based scientists suggests three things researchers can do to ensure their studies are not thwarted by privacy concerns:
- Give back. Getting people comfortable with sharing their data requires more than a simple tech fix. The relationship between the researcher and the participant is important. Depending entirely upon app interactions to cement long-term engagement has its limits. One way to both get around this, and to build trust, is to give people back the knowledge that you’ve gleaned from their data. But this doesn’t mean send them the study results or an excel chart full of data points or wait months for a research study to be published before you share any feedback with them. When you’re running an app-based study, the terms of engagement with participants need to change. People have expectations based on their experiences with commercial apps, where feedback is instant. So should app-based studies. From the start, apps should be designed to collect and share data that’s meaningful to the participants as well as data that’s meaningful to researchers. These have to be first-order thoughts, not afterthoughts.
- Hand over control. Commercial health apps routinely share users’ personal data often without their knowledge. Yet, researchers are finding that if you simply ask, many people are willing to have their data shared with a third party, especially when they control who their data is shared with. Take the mPower app: participants are able to choose whether to share their data with researchers associated with mPower, or to share it with qualified researchers worldwide. So far, more than 75 percent of mPower participants have chosen to share their data broadly. Of course handing over control over data-sharing decisions means more work for researchers. But the trade-off for science is worth it.
When crafting data-sharing options, be transparent about what these options really mean. Don’t cloak them in jargon, promising to “de-identify” and “anonymize,” or only use “aggregate data” without fully explaining all of the implications. We’ve heard of organizations who describe the mere removal of an individual’s name or email address as ‘de-identification,’ despite retaining other highly identifying elements such as birthdate, profile photo or personal biography; if that’s the data you’re planning to share, you must alert people and give them the option to say no.
- Security, security, security. Many researchers have simply relied on copying industry approaches to managing data, which could leave people vulnerable to security breaches and the risk of sensitive information about their health falling into unwanted hands. Getting it right isn’t easy, but it can be done: encryption, firewalls, multi-layered surveillance, and identity verification systems are all established methods to keep user information secure and prevent unauthorized use of data. Researchers sometimes lack the technical knowledge needed to build such protections into the architecture of smartphone apps and their corresponding research networks, and cost can certainly be a deterrent. But the investment must be made.
This is a new way of thinking for most researchers and they’ll need to develop some new muscles. CORE is a platform where researchers can learn from one another about what is working and what is not in this still-young world of digital research.
Finally, a word of advice for consumers: When signing up for an app-based study or downloading a health app, be aware of the privacy pitfalls. Pay close attention to what you’re giving the app access to; check reviews and ratings and seek alternatives if you have any cause for concern.
Read the report Reinventing Discovery to learn more about these challenges and how researchers are responding.
And if you’re already exploring how to make data sharing more meaningful for consumers and research participants, share your thoughts below.
about the author
Paul Tarini, senior program officer, focuses on exploration, discovery, learning, and emerging trends that are important to building a Culture of Health, as well as fostering connections between health and health care. Read his full bio.