Well-being measurement devices are a familiar sight also at work places today. Activity trackers and smart rings are used at preventive occupational health for example as a tool for stress management. The data collected by the devices, and who can access it might cause concern. Are we now under a continuous surveillance by our employer?
Moodmetric’s aim is to help people to manage stress, not to increase it. Well-being measurements at offices might raise questions. In this article we list general data privacy principles that Moodmetric has been committed to.
General Data Protection Regulation (GDPR)
The roots of the GDPR are at the 1950 European Convention on Human Rights, which states, “Everyone has the right to respect for his private and family life, his home and his correspondence.” The EU recognized the need for modern protections as technology progressed and the internet was invented.
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. The GDPR recognizes several new privacy rights for data subjects, which aim to give individuals more control over the data they loan to organizations. As an organization, it’s important to understand these rights.
For non-EU companies it is important to understand that if you process the personal data of EU citizens or residents, or you offer goods or services to such people, then the GDPR applies to you even if you’re not in the EU.
Data subjects’ privacy rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Source: EU – What is GDPR
The GDPR has made people more aware of their rights and to pay attention what data they have shared with different organizations. Masses of data has been collected e.g. by Google and Facebook. Social media is one way to publish many things of oneself to the whole world. Smart phones on the other hand might collect and handle information without the user to fully understand what and how.
Laws and legislation limit the use of personal data. The restrictions are very tight in the EU and local laws can be even tighter for instance when talking of employee rights. Well-being device providers can not share personal data e.g. to employers within the EU.
Companies can take things further and ensure that not only the processes but also the mindset is directed towards an individual. MyData Global is a non-profit whose core idea is that everyone should have an easy way to see where data about us goes, specify who can use it, and alter these decisions over time.
The human-centric paradigm is aimed at a fair, sustainable, and prosperous digital society, where the sharing of personal data is based on trust as well as balanced relationship between individuals and organisations.
The GDPR and the MyData project are aligned, but MyData has even higher objectives. Anyone can join the MyData community and drive change together with other members.
MyData Global is to empower individuals by improving their right to self-determination regarding their personal data
Mikael Rinnetmäki is the founder of Sensotrend. He has been involved in data privacy related discussions in Finland and globally for over five years. Rinnetmäki has a helicopter view on the topic and encourages everyone to consider the global aspect:
– This is a complex matter altogether. Western democracies find the government control of personal data, like the Social Credit System in China, scary. On the other hand, cases like Cambridge Analytica have made it clear that data collected by huge Western companies is not without problems either. Europe has tried to increase citizens’ control over how their data is being used, but the endless cookie consent dialogs on websites prove that this is not a simple thing to achieve either. MyData movement still believes in human-centric control of data, and concentrates on boosting the actionable rights like right to data portability. The activists see that the mega application models both in East (BAT: Baidu, Alibaba, Tencent) and West (GAFAM: Google, Apple, Facebook, Amazon and Microsoft) pose inherent threats. MyData community members regard it is much safer to keep data distributed in smaller applications.
– Most wellness apps (Moodmetric included) do an excellent job at both protecting the privacy of the individual and also enabling portability of the data between different apps – when the individual so chooses.
Participant of Moodmetric Measurement determines how own data is used
Moodmetric acts according to MyData principles. The most important matter from an individual point of view is that data is not shared with any person or entity without consent.
The Moodmetric measurement data is stored at a smartphone app. This data can only be accessed by the user of the phone.
It is possible to store measurement data also to the Moodmetric cloud service. From the cloud service it is possible to share the data to others but this is not made without consent. Data in the cloud is pseudonymised. In addition, individuals always have the right to request and get given a confirmation that all their personal data is removed.
In what context can someone else see my Moodmetric data?
The most typical context is a research setting where people are requested to join a research study. Prior to any measurements the participants are very clearly clarified the scope of research, how their data is used and who can access it. Consent must be requested clearly with no ambiguity on the possible use of the data.
In a context of workplace well-being a person might want to discuss his/her data with a healthcare professional. The data can be shown during a reception directly from the Moodmetric app, without sharing it in physical or digital form. The healthcare professional may not share or discuss this information with the employer.
What about Moodmetric Group Measurement?
Moodmetric Group Measurement is a 2-week measurement period designed for organizations and teams. The participants follow their personal data during the measurement period.
Both the participants and the employer get the same anonymous group level report at the end of the measurement. It shows average stress levels of the group over the measurement period. Individual information is not shared with the employer, nor can it be deducted from the report.
The employees can discuss their own data with others. Many takes this as a big additional benefit to be able to compare e.g. stress levels during a meeting with colleagues. Some seize this opportunity to discuss and learn more about stress management, some keep their stress levels private.
In some organizations the group level results have been discussed and actions taken based on them on an organizational level. For example there was a team that always had their weekly meeting on Friday afternoon. The Moodmetric data revealed that the group level stress numbers were quite high during that time, which led to a discussion and hence a decision to move the meeting to another day.
Moodmetric Group Measurement can be a tool to develop common ways of working that help to manage stress of an individual and the team and organization as a whole.