Privacy by Design for an mHealth App Addressing Executive Dysfunction

Abstract With the ongoing digital transformation, an increasing number of areas of life are integrated with digital applications. One such area with a longer history is the healthcare sector. In recent years, particularly development in mobile health (mHealth) has increased. Such applications can support in various areas and they have the potential to improve efficiency, quality and availability of healthcare services. Apart from clinically verified interventions and safety, particularly security and privacy are of high concern, as these technologies can have access to very sensitive parts of our life, and might be heavily integrated in it. Processed data can include highly accurate sensor data available in smart devices, identifiable information and behavioural data. Therefore, there is a high potential for misuse, as it was shown by many recent mHealth solutions, e.g. through data breaches and security vulnerabilities. Additionally, for users it is often difficult to understand how their data is processed or how they could intervene with the processing. The personal data thus needs to be handled with utmost care, and risks should be mitigated proactively, rather than remedial. User privacy should be respected and prioritized, in order to protect their fundamental rights. Privacy by Design is such a concept, which aims at respecting privacy and security from the very beginning of a project, instead of later on as an add-on. It has been applied successfully in some mHealth applications, however it is not yet common practice. Therefore in this thesis, a lightweight Privacy by Design process is designed, based on state of the art methods, and prototypically applied for an assistive mHealth technology, developed in an interdisciplinary research project. The application "RehaGoal" aims at supporting people affected by an acquired or congenital executive dysfunction, who have difficulties in planning and execution of tasks of daily living. It was developed together with psychologists and experts in the field, while allowing users to participate in the development and is presented in detail. A lightweight Privacy by Design process is proposed and refined within the mentioned context, starting with risk identification up until implementation. Additionally, methods for user participation are adapted for and applied in the context, handling several challenges such as initial participant unavailability, less-abled people, multiple groups of users and more. As part of several psychological studies conducted as part of the project, a concept for privacy-preserving studies and automated data collection, focussing on data minimization and purpose limitation is proposed and applied, involving a general software architecture and domain-specific language. Finally, pseudonymity, highly relevant in mHealth applications, is investigated in the form of novel identified privacy patterns, which bridge the gap between abstract and specific patterns.