Pulse Oximeter App Privacy Policies During COVID-19: Scoping Assessment

BACKGROUND: Pulse oximeter apps became of interest to consumers during the COVID-19 pandemic, particularly when traditional over-the-counter pulse oximeter devices were in short supply. Yet, no study to date has examined or scoped the state of privacy policies and notices for the top-rated and most downloaded pulse oximeter apps during COVID-19. OBJECTIVE: The aim of this study was to examine, through a high-level qualitative assessment, the state and nature of privacy policies for the downloaded and top-rated pulse oximeter apps during the COVID-19 pandemic to (1) compare findings against comparable research involving other mobile health (mHealth) apps and (2) begin discussions on opportunities for future research or investigation. METHODS: During August-October 2020, privacy policies were reviewed for pulse oximeter apps that had either at least 500 downloads (Google Play Store apps only) or a three out of five-star rating (Apple Store apps only). In addition to determining if the apps had an accessible privacy policy, other key privacy policy–related details that were extracted included, but were not limited to, app developer location (country); whether the app was free or required paid use/subscription; whether an ads disclosure was provided on the app’s site; the scope of personal data collected; proportionality, fundamental rights, and data protection and privacy issues; and privacy safeguards. RESULTS: Six pulse oximeter apps met the inclusion criteria and only 33% (n=2) of the six apps had an accessible privacy policy that was specific to the pulse oximeter app feature (vs the app developer’s website or at all). Variation was found in both the regulatory nature and data privacy protections offered by pulse oximeter apps, with notable privacy protection limitations and gaps, although each app provided at least some information about the scope of personal data collected upon installing the app. CONCLUSIONS: Pulse oximeter app developers should invest in offering stronger privacy protections for their app users, and should provide more accessible and transparent privacy policies. This is a necessary first step to ensure that the data privacy of mHealth consumers is not exploited during public health emergency situations such as the COVID-19 pandemic, where over-the-counter personal health monitoring devices could be in short supply and patients and consumers may, as a result, turn to mHealth apps to fill such supply gaps. Future research considerations and recommendations are also suggested for mHealth technology and privacy researchers who are interested in examining privacy implications associated with the use of pulse oximeter apps during and after the COVID-19 pandemic.