Bridging the Privacy Gap: Stakeholder Solutions to Support Transparent Data Management Practices in Digital Health Research

Abstract

Digital health research increasingly relies on commercial products like wearable fitness trackers, mobile apps, and social media platforms. Incorporating these technologies into research requires acceptance of third-party privacy policies, which describe how companies manage participant data. These documents are often lengthy and complex, creating challenges for researchers and institutional review boards (IRBs) responsible for identifying potential data risks. Despite this, privacy policy review is not always part of research oversight, leaving a critical blind spot in risk assessment. This study identified stakeholder priorities for improving privacy policy communication in digital health research and co-designed solutions to address these challenges. Guided by the Double Diamond design framework, a four-hour in-person co-design workshop was conducted in March 2025 at UC San Diego with 25 participants representing three stakeholder groups: IRB members, researchers, and research participants. Eligible participants had prior experience with digital health research. The workshop explored the Fitbit privacy policy in the context of a fictional digital health study. Participants moved through the four phases of the Double Diamond—Discover, Define, Develop, and Deliver—engaging in activities such as privacy policy analysis, problem statement development, issue prioritization, solution brainstorming, and prototype creation. Data sources included individual workbook responses, group discussion notes, prioritization votes, and final prototype presentations. These were transcribed, labeled by stakeholder group, and analyzed using Anthropic’s Claude Sonnet 4.0 for AI-assisted thematic and sentiment analysis, verified by a researcher. Participants co-created six prototype solutions: A policy scoring app A personalized data risk profile app A gamified platform experience An interactive, closed-loop consent tool A multi-format dashboard showing risks and benefits A tool supporting communication between researchers and IRBs Low-fidelity mockups of each prototype were generated using Sora AI. Five of the six prototypes were aimed at improving communication with research participants, while one specifically addressed IRB workflows. Participants prioritized features such as simplification tools, interactive consent interfaces, granular user control, and third-party transparency mechanisms. Canva was used to further refine low-fidelity designs. The prototypes were organized into three thematic categories: (1) privacy policy learning tools, (2) a data preferences dashboard, and (3) third-party risk assessment features. Digital health technologies carry potential data risks not always captured in research oversight processes, particularly due to the inaccessibility of third-party privacy policies. This study demonstrates the value of engaging stakeholders to co-design communication tools that support informed consent and transparency. Participants emphasized the importance of interactive, personalized, and accessible platforms that clearly convey data management practices and third-party relationships. These co-designed solutions provide evidence-based guidance for improving privacy policy communication in digital health research.

Keywords: Research Ethics, Data Management Practices, Privacy, Co-Design, Digital Health

DOI: 10.54941/ahfe1006823