A Proposal for a Robust Validated Weighted General Data Protection Regulation-Based Scale to Assess the Quality of Privacy Policies of Mobile Health Applications: An eDelphi Study

Jaime Benjumea; Jorge Ropero; Enrique Dorronzoro-Zubiete; Octavio Rivera-Romero; Alejandro Carrasco

doi:10.1055/a-2155-2021

A Proposal for a Robust Validated Weighted General Data Protection Regulation-Based Scale to Assess the Quality of Privacy Policies of Mobile Health Applications: An eDelphi Study

Methods Inf Med. 2023 Dec;62(5-06):154-164. doi: 10.1055/a-2155-2021. Epub 2023 Aug 17.

Authors

Jaime Benjumea¹, Jorge Ropero¹, Enrique Dorronzoro-Zubiete¹, Octavio Rivera-Romero¹, Alejandro Carrasco¹

Affiliation

¹ Department of Electronic Technology, Universidad de Sevilla, Sevilla, Spain.

Abstract

Background: Health care services are undergoing a digital transformation in which the Participatory Health Informatics field has a key role. Within this field, studies aimed to assess the quality of digital tools, including mHealth apps, are conducted. Privacy is one dimension of the quality of an mHealth app. Privacy consists of several components, including organizational, technical, and legal safeguards. Within legal safeguards, giving transparent information to the users on how their data are handled is crucial. This information is usually disclosed to users through the privacy policy document. Assessing the quality of a privacy policy is a complex task and several scales supporting this process have been proposed in the literature. However, these scales are heterogeneous and even not very objective. In our previous study, we proposed a checklist of items guiding the assessment of the quality of an mHealth app privacy policy, based on the General Data Protection Regulation.

Objective: To refine the robustness of our General Data Protection Regulation-based privacy scale to assess the quality of an mHealth app privacy policy, to identify new items, and to assign weights for every item in the scale.

Methods: A two-round modified eDelphi study was conducted involving a privacy expert panel.

Results: After the Delphi process, all the items in the scale were considered "important" or "very important" (4 and 5 in a 5-point Likert scale, respectively) by most of the experts. One of the original items was suggested to be reworded, while eight tentative items were suggested. Only two of them were finally added after Round 2. Eleven of the 16 items in the scale were considered "very important" (weight of 1), while the other 5 were considered "important" (weight of 0.5).

Conclusion: The Benjumea privacy scale is a new robust tool to assess the quality of an mHealth app privacy policy, providing a deeper and complementary analysis to other scales. Also, this robust scale provides a guideline for the development of high-quality privacy policies of mHealth apps.

The Author(s). This is an open access article published by Thieme under the terms of the Creative Commons Attribution License, permitting unrestricted use, distribution, and reproduction so long as the original work is properly cited. (https://creativecommons.org/licenses/by/4.0/).

Publication types

Research Support, Non-U.S. Gov't

MeSH terms

Computer Security
Mobile Applications*
Policy
Privacy
Telemedicine*

Grants and funding

Funding This work was partially funded by the Cátedra de Telefónica “Inteligencia en la red” of the Universidad de Sevilla and by the Cátedra Indra “Sociedad Digital” of the Universidad de Sevilla. O.R.-R. has received funding from the Universidad de Sevilla and theMinisterio de Universidades of the Spanish Government under the Requalification of Spanish University System Program funded by European Union—NextGenerationEU.