Between dataveillance and cybersecurity: digital phenotyping as seen by EU regulation 2016/679

Abstract

Contemporary societies increasingly rely on the opportunities created by technologies that make possible the production, collection, processing and reuse of huge datasets to obtain inferences that can be used in the most diverse fields. Among these there is also the medical-health sector, which has seen an unusual acceleration of the digitization processes coinciding with the advent of the COVID-19 pandemic. These processes have contributed to the consolidation of what can be defined as informational medicine, i.e., a paradigm that is increasingly based on the collection and analysis of data taken from the human body. The emergence of digital phenotyping, i.e. the quantification of human phenotypic characteristics through the analysis of the data offered by digital devices, must be framed in this context. As highlighted by the specialized literature on the subject, digital phenotyping can revolutionize the diagnostic-therapeutic process, especially in the field of mental health, ensuring greater accuracy and timeliness of intervention. However, the emergence of this innovative dimension risks blurring the boundaries between prevention and surveillance, representing a concrete threat not only for the personal sphere, but also, more generally, in terms of cybersecurity. Within this work, the risks that may derive from the diffusion of digital phenotyping are described in more detail through a constant comparison between the findings offered by the literature and the legal context of reference and, in particular, the discipline offered by the EU Regulation 2016/679.