Digital health fiduciaries: protecting user privacy when sharing health data

Wearable self-tracking devices capture multidimensional health data and offer several advantages including new ways of facilitating research. However, they also create a conflict between individual interests of avoiding privacy harms, and collective interests of assembling and using large health data sets for public benefits. While some scholars argue for transparency and accountability mechanisms to resolve this conflict, an average user is not adequately equipped to access and process information relating to the consequences of consenting to further uses of her data. As an alternative, this paper argues for fiduciary relationships, which put deliberative demands on digital health data controllers to keep the interests of their data subjects at the forefront as well as cater to the contextual nature of privacy. These deliberative requirements ensure that users can engage in collective participation and share their health data at a lower risk of privacy harms. This paper also proposes a way to balance the flexible and open-ended nature of fiduciary law with the specific nature and scope of fiduciary duties that digital health data controllers should owe to their data subjects.