Panel: The Future of the Privacy Landscape for Mobile Health Apps

Tuesday, September 12, 2023 - 9:30 am10:10 am

Primal Wijesekera, ICSI & UC Berkeley; Kerry O'Brien, Federal Trade Commission; Alisa Frik, ICSI; Mohsin Khan, Oscar Health


The regulatory landscape surrounding the collection, use, and sharing of personal health information is complex and constantly evolving. Given the host of regulations that could be relevant to mobile health apps, it is not surprising that many developers and organizations are confused about or unaware of such regulations, and about how to comply. For example, when an ICSI research team systematically examined the data handling practices of over 300 Android telehealth apps from 35+ countries, we found that a significant portion are deploying event reporting. This potentially exposes highly sensitive health data to domains not equipped to handle health data. Such practices demonstrate a clear gap between the technical and regulatory realms. U.S. federal regulators, including DHHS and the FTC, have recently pushed to update regulations and improve enforcement, making these issues even more urgent.

This panel brings together stakeholders from the mobile health industry and the policy world, with researchers examining the technical and legal implications to explore challenges both developers and regulators face. The goal is to exchange ideas about how developers can address privacy/utility tradeoffs while complying with regulations, identify disconnects between stakeholders' understandings of both technology and policy and identify priorities for future research to support all stakeholders.

The research basis is a collaboration with Liam Webster (ICSI), Anniyat Karymsak (UC Berkeley), Julia Bernd (ICSI), Mitra Bokaei Hosseini (UTSA), and Mobin Javed (LUMS), along with Wijesekera, Martinez-Martin, and Frik.

Primal Wijesekera, ICSI & UC Berkeley

Primal Wijesekera is a staff research scientist in the Usable Security and Privacy Research Group at ICSI and also holds an appointment in the EECS at the University of California, Berkeley. His research focuses on exposing current privacy vulnerabilities and providing systematic solutions to meet the privacy expectations of consumers. He has extensive experience in mobile app analysis for privacy violations and implementing privacy protections for Android. He has published in top-tier security venues (IEEE S&P, USENIX Security and usable security and privacy venues (ACM CHI, SOUPS, PETS). He received his Ph.D. from the University of British Columbia, although he carried out his Ph.D. research at U.C. Berkeley. He also has a Masters from UBC in Distributed Systems and a BSc in CS from the University of Colombo, Sri Lanka. His research on privacy on mobile platforms has received the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies, the USENIX Security Distinguished Paper Award, the AEPD Emilio Aced Personal Data Protection Research Award, and the CNIL-INRIA Privacy Award. He is a Co-PI on multiple NSF Projects.

Kerry O'Brien, Federal Trade Commission

Kerry O'Brien is the Regional Director of the Federal Trade Commission's Western Region in San Francisco. As a 33-year veteran at the FTC, Kerry has participated in a wide variety of Commission matters, many involving national and mobile advertising, deceptive privacy/data security policies, and various frauds and scams. Kerry supervises the San Francisco office's consumer protection and competition casework. She regularly speaks on a wide variety of consumer protection topics. Kerry received her bachelor's degree from Vassar College and her law degree from UC Davis School of Law, where she was a member of the Order of the Coif and Law Review.

Alisa Frik, ICSI

Alisa Frik, Ph.D., is a research scientist at the International Computer Science Institute (ICSI) and a member of the Berkeley Laboratory for Usable and Experimental Security (BLUES). She obtained a Ph.D. degree in Economics at the School of Social Sciences, University of Trento, Italy. Alisa applies her expertise in behavioral and experimental economics, decision-making, behavior change, and choice architecture to investigate privacy and security attitudes and behaviors of regular and vulnerable populations of online users. She explores how contextual and human factors, including trust, heuristics and biases, as well as behavioral interventions, affect users' behaviors and decisions. She focuses on mobile privacy and security, healthcare technologies, Internet of Things, digital advertising, and Artificial Intelligence systems.

Mohsin Khan, Oscar Health

Mohsin Khan is a seasoned data privacy expert with a deep focus on applications and data in the healthcare privacy domain. His experience spans implementing enterprise-wide privacy programs at Oscar Health Insurance to addressing critical privacy concerns in cloud computing, IoT, and mobile applications. Holding a JD and LLM, he is at the nexus of technology and privacy, ensuring the sanctity of personal information in our digital age. An active contributor to the International Association of Privacy Professionals (IAPP), he is passionate about the intersection of data, technology, and privacy.

@conference {290893,
author = {Primal Wijesekera and Kerry O{\textquoteright}Brien and Alisa Frik and Mohsin Khan},
title = {Panel: The Future of the Privacy Landscape for Mobile Health Apps},
year = {2023},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = sep