Mental Health Apps and Privacy Notices | Fieldfisher
Skip to main content

Mental Health Apps and Privacy Notices


United Kingdom

Mental health awareness week in the UK drew to a close yesterday. The level of events to mark this occasion, happening online and in person, via webinars, podcasts, seminars and a variety of other mediums and channels, have recognised the importance of maintaining a level of good mental health.

The variety of resources available to those who find themselves affected have equally been on show. In recent years, there has been an ever-increasing number of mental health apps created to provide assistance to those struggling. Coinciding with US mental health month also in May, the Mozilla Guide on Mental Health Apps was released at the beginning of the month and highlights a number of concerns about the privacy protections of mental health and prayer apps.
The Mozilla Guide found the majority of the 32 apps reviewed fell below the privacy standards expected. The apps generally tracked and shared individuals' (often sensitive) data without making it clear the massive scale this was conducted on. The individual privacy notices of the apps were thoroughly examined and one of the worst offending apps had problems such as: 

  • Missing key information in the privacy notice;
  • Collecting vast amounts of sensitive data from individuals including mental health symptoms, observations and sexual orientation which would then be shared with advertising partners and service providers as well as potential therapists; and
  • Lack of clarity about how long the data would be retained. 
Mozilla also concluded that most of the privacy notices were not clearly written. The minimum requirements of a privacy notice are as set out under Articles 13/14 of the EU/UK GDPR and are supplemented by the European Data Protection Board's guidelines on transparency. Transparency, i.e., being clear, is a fundamental principle of data protection and one that is given great importance due to the fact that individuals need to be openly informed about how their personal data will be used and why. Given the popularity of mental health apps in today's society, the significance of having a privacy compliant app cannot be underestimated, especially as people will be using these apps at a time when they are vulnerable and fragile. 
Following the recent decision and fine by the Irish Data Protection Commissioner on WhatsApp, the topic of privacy notices has gained a lot of attention with the decision placing great emphasis on the concept of transparency. In this article we take a more detailed look at the Mozilla Guide, the key takeaways from the WhatsApp decision and the competitive differentiator a privacy compliant app can be. 

Areas of Expertise

Data and Privacy