Centre for Internet & Society

Privacy Policy Framework for Indian Mental Health Apps

Technology development has made services and solutions available to people at their fingertips, including the ability to purchase goods and services for one’s physical and mental well-being. Over the last decade, the number of mental health apps available globally has increased exponentially.

A study conducted in 2012, revealed that just 6% of 9,000 (540) health-related apps targeted mental health concerns. By 2020, a similar study reported that number to have increased to 10,000 apps with an increased focus on symptom tracking, habit formation, and other areas. The number of apps available and their uptake have increased, especially since the COVID-19 pandemic.[1] These apps provide a range of services such as one-to-one counselling with a professional, digital version of mental health exercises, and chatbot-based mental health support to name a few, to improve the well-being of their users at the touch of a few buttons.

An essential part of any app is its privacy policy, which informs users of how it collects and uses their data. An international study on users’ awareness of privacy concerns indicates that they are not always aware of the rights they are giving up while consenting to a privacy policy or the purpose of such policies.[2] Understanding the terms of a privacy policy is important, especially for mental health apps, which deal with sensitive personal information.

This report analyses the privacy policies of mental health apps in India and provides recommendations for making the policies not only legally compliant but also user-centric. The report’s findings indicate a significant gap in the structure and content of privacy policies in Indian mental health apps. This highlights the need to develop a framework that can guide organisations in developing their privacy policies. Therefore, this report proposes a holistic framework to guide the development of privacy policies for mental health apps in India. It focuses on three key segments that are an essential part of the privacy policy of any mental health app. First, it must include factors considered essential by the Digital Personal Data Protection Act 2023 (DPDPA) such as consent mechanisms, rights of the data principal, provision to withdraw consent etc. Second, the privacy policy must state how the data provided by them to these apps will be used. Finally, developers must include key elements, such as provisions for third-party integrations and data retention policies.

Definition of Mental Health

According to the World Health Organization (WHO), mental health is a state of mind that allows individuals to cope with stressors, understand their strengths and skills, and contribute to the community.[3] According to the Indian Mental Healthcare Act 2017 (MHA), mental healthcare involves analysing an individual’s mental status and providing adequate treatment and rehabilitation for their symptoms and condition.[4] It does not distinguish between in-person and digital healthcare initiatives. Few other definitions related to mental health speak about “ well-being” and describe it as how an individual perceives oneself, deals with adversities, and engages with opportunities in various dimensions of life, such as the workplace, community, or family.[5] Therefore, understanding mental health apps requires a clear grasp of the concept of digital mental health and the broader global context in which these apps operate.

According to the American Psychiatric Association, digital mental health involves the use of digital techniques for the management of mental health concerns, provision of interventions between sessions, promotion of mental well-being, and treatment of mental health concerns through digital and online mechanisms.[6] Mental health apps provide a range of digital mental health interventions in one place, such as digital journaling and diaries, peer support communities, therapeutic interventions, mood tracking, psychoeducational resources, and more.[7] These digital mental health interventions provide anonymity to users as the apps allow individuals to customise their names. They also provide access to mobile-based online sessions and allow users to tailor the app according to their requirements as a first step towards taking charge of their mental health.

Background

The National Institute of Mental Health (NIMH), a globally recognised institution focused on mental health situated in the US, classifies mental health apps can be classified into the following six categories based on their functionality:[8] These groups include:

  1. Self-management, where an individual manages their symptoms and well-being with the help of feedback from the app
  2. Cognitive improvement, where an individual improves their thinking skills and works on severe mental health conditions
  3. Skills training, where an individual engages with techniques using the app to work on their mental health – for example, by learning about coping mechanisms or addressing negative thinking
  4. Supported care, where an individual interacts with mental health professionals and other members of their peer community through the app
  5. Symptom tracking, where an individual tracks their conditions and symptoms
  6. Passive data collection, where symptoms of the individuals are tracked through in-built mechanisms in the phone or the app thus acquiring large amounts of data from the users without their active inputs

Mental health apps are popular for many reasons: ease of access, portability of mental health support, the reduced effort required to care for one’s well-being, and more.[9] Studies indicate that such apps might enhance self-awareness, increase autonomy,[10] and support the destigmatisation of mental health.[11]

While these apps have multiple benefits, they also have certain shortcomings – for instance, some apps may be less secure in terms of protecting users’ data.[12] These apps may also be created by developers who are unaware of data security concerns. Furthermore, developers might not have the time to build adequate protection against data leaks when required to develop apps within quick turnaround times.[13] Relying on advertising and analytical third parties can also contribute to data leaks and the re-identification of personal data.[14]

[1] Rebecca A. Clay, “Mental Health Apps Are Gaining Traction”, Monitor on Psychology 52, no. 1 (2021): 55, https://www.apa.org/monitor/2021/01/trends-mental-health-apps.

[2] Tommy Nguyen, Garnet Yeates, Tony Ly, and Umar Albalawi, “A Study on Exploring the Level of Awareness of Privacy Concerns and Risks”, Applied Sciences 13, no. 24 (2023): 13237, https://doi.org/10.3390/app132413237.

[3] “Mental Health,” World Health Organization, accessed 29 December 2024, https://www.who.int/health-topics/mental-health#tab=tab_1.

[4] The Mental Healthcare Act, 2017.

[5] Dinesh Bhugra, Alex Till, and Norman Sartorius, “What Is Mental Health?” International Journal of Social Psychiatry 59, no. 1 (2013): 3–4, https://doi.org/10.1177/0020764012463315.

[6] “Digital Mental Health”, American Psychiatric Association, accessed 29 December 2024, https://www.psychiatry.org/psychiatrists/practice/digital-mental-health.

[7] Raymond R. Bond, Maurice D. Mulvenna, Courtney Potts, Siobhan O’Neill, Edel Ennis, and John Torous, “Digital Transformation of Mental Health Services”, npj Mental Health Research 2, no. 1 (2023), https://doi.org/10.1038/s44184-023-00033-y.

[8] “Technology and the Future of Mental Health Treatment”, National Institute of Mental Health, accessed 29 December 2024, https://www.nimh.nih.gov/health/topics/technology-and-the-future-of-mental-health-treatment.

[9] Pooja Chandrashekar, “Do Mental Health Mobile Apps Work: Evidence and Recommendations for Designing High-Efficacy Mental Health Mobile Apps”, mHealth 4 (2018): 6, https://doi.org/10.21037/mhealth.2018.03.02.

[10] Jennifer L Prentice and Keith S. Dobson, “A Review of the Risks and Benefits Associated with Mobile Phone Applications for Psychological Interventions”, Canadian Psychology/Psychologie Canadienne 55, no. 4 (2014): 282–90, https://doi.org/10.1037/a0038113.

[11] David Bakker, Nikolaos Kazantzis, Debra Rickwood, and Nikki Rickard, “Mental Health Smartphone Apps: Review and Evidence-Based Recommendations for Future Developments”, JMIR Mental Health 3, no. 1 (2016): e7, https://doi.org/10.2196/mental.4984.

[12] Leonardo Horn Iwaya, M. Ali Babar, Awais Rashid, and Chamila Wijayarathna, “On the Privacy of Mental Health Apps”, Empirical Software Engineering 28, no. 1 (2022), https://doi.org/10.1007/s10664-022-10236-0.

[13] Bakheet Aljedaani and M Ali Babar, “Challenges with Developing Secure Mobile Health Applications: Systematic Review”, JMIR mHealth and uHealth 9, no. 6 (2021): e15654. https://doi.org/10.2196/15654.

[14] Iwaya et al., “On the Privacy of Mental Health Apps”.


Click to download the full research paper here

The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.

Meta

Author

Chakshu Sang and Shweta Mohandas

Blog

Events

Funded by

 

Offices

Bengaluru: #32, 1st Floor, 2nd Block, Austin Town, Viveka Nagar, Bengaluru, Karnataka 560047.

 

null

 

Support Us

Please help us defend citizen and user rights on the Internet!

You may donate online via Instamojo. Or, write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at #32, 1st Floor, 2nd Block, Austin Town, Viveka Nagar, Bengaluru, Karnataka 560047. These charitable contributions will be towards the Institutional Corpus Fund of the Centre for Internet and Society.

Follow our Works

Newsletter: Subscribe

researchers@work blog: medium.com/rawblog

Twitter (CIS): @cis_india

Twitter (CIS-A2K): @cisa2k

Instagram: @cis.india

Youtube: Centre for Internet and Society

Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to us at communications[at]cis-india[dot]org with an indication of the form and the content of the collaboration you might be interested in.

In general, we offer financial support for collaborative/invited works only through public calls.

About Us

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa.

Through its diverse initiatives, CIS explores, intervenes in, and advances contemporary discourse and regulatory practices around internet, technology, and society in India, and elsewhere.

© Centre for Internet & Society

Unless otherwise specified, content licensed under Creative Commons — Attribution 3.0 Unported.