Abstract
Health and wellbeing apps are proliferating at an exponential rate. This has created a billion-dollar market in which the industry seeks every opportunity to gain a competitive advantage, at times at the expense of app users' privacy. While most such apps do not collect sensitive medical data, some may collect or generate sensitive data during processing, creating a high degree of risk to users' privacy. However, the current EU laws appear inadequate to protect the privacy expectations of the users of such apps, especially in light of technologies such as cloud computing, big data and profiling. Meanwhile, the EU and national regulators appear to face a dilemma in harmonizing the economic and wider societal benefits of processing personal and sensitive data with the data subject's right to privacy. This thesis postulates that privacy risk assessment is one strategy for harmonizing these interests and ensuring the privacy of health and wellbeing app users. It therefore first enumerates how health and wellbeing apps contribute to privacy risks, before surveying the current state of privacy risk assessment within the EU context. It then identifies means of harmonizing EU law, industry interests and the privacy expectations of app users. Through its analysis, the thesis proposes a scalable and transparent privacy risk assessment obligation on app developers and data controllers as a solution. However, in order to implement such an obligation, EU law ought to provide appropriate methodologies to reduce legal uncertainty, as recommended in this thesis. At the same time, national laws ought to supplement EU law with standards for privacy risk assessment based on the reasonable expectations of app users, the principle of proportionality, reasonable terms and qualitative parameters of privacy rights.