Mobile Apps for People with Dementia: Are They Compliant
with the General Data Protection Regulation (GDPR)?
Joana Muchagata and Ana Ferreira
CINTESIS - Center for Health Technology and Services Research, Faculty of Medicine, University of Porto, Portugal
Keywords: General Data Protection Regulation (GDPR), mHealth Apps, Dementia, Alzheimer’s Disease
Abstract: Mobile apps have the potential to improve the overall quality of life of patients and caregivers and, particularly,
of those with dementia. The ability to stimulate cognitive functions, keep the brain active and help people
to be as independent as possible in their daily lives are considered highly valued characteristics. But despite
those advantages, there is a lack of security standards and guidelines focused on mobile apps and the general
sense is that those provide low or no privacy/security and commonly do not comply with current regulations.
We analysed eighteen apps with the ability to stimulate cognitive functions for people with dementia to verify
if they were GDPR compliant. Results show that most analysed apps (78%) do not provide any information
regarding how personal data are processed, and if they do, this is not clear. Also, users’ consent to allow that
processing is rarely sought (11%). In conclusion, GDPR mandated requirements are still not implemented in
most of the analysed mental health apps to ensure privacy and security in the interactions between users and
mobile apps. This work intends to bring awareness to this issue to both researchers and developers, especially
in the area of healthcare and mental health.
1 INTRODUCTION
Mobile devices have an important place in our daily
life as they have been transforming our personal lives
and work environments. More specifically, the
variety of applications available today has
completely transformed our interaction with mobile
devices and the information we search for and exchange.
Mobile apps offer a variety of solutions in many
different fields including healthcare, where their impact
has been very significant. In this domain there is a
noticeable development of health related apps
offering intelligent tools and services to support
healthcare interventions according to the users'
condition (Papageorgiou et al, 2018). Patient care and
monitoring, diagnosis, medical education and
communication are being carried out with
smartphones (Yasini and Marchand, 2015). Google’s
Play Store (Android system) and Apple’s App Store
(iOS system) have available mobile health
applications (mHealth apps) for patients all over the
world related to medication control and update,
appointments management, blood pressure monitor,
diabetes control, fitness, nutrition, mental health, and
many others. Apps have also been proving to have the
potential to improve the overall quality of life in
patients with dementia (Yamagata et al, 2013). And
although the variety of apps for both patients with
dementia and their caregivers is wide, are those
prepared to ensure security and privacy of users’
data? And are those applications in compliance with
the several legal requirements of the new European
General Data Protection Regulation (European
Union, 2016; GDPR, 2017)?
Due to the advanced processing capabilities of
smartphones, many apps, in addition to collecting users’
health data to help them better comprehend their
health status and to promote their overall wellbeing,
also store and process other sensitive
information such as users' health related data,
location, lists of contacts and personal photographs
(Papageorgiou et al, 2018; Rosenfeld et al, 2017).
Also, many of them have not been tested properly in
terms of efficacy and safety (Armontrout et al, 2018).
This situation can compromise users’ protection,
privacy and security due to a lack of data protection
safeguards and control (EDPS, 2016). All this is even
more worrying when apps are for people with
dementia, whose cognitive impairment can put them
at an increased risk of privacy breaches and harm
(Rosenfeld et al, 2017).
Therefore, and in order to verify the state of
privacy and security in the interactions between users
and mobile apps and the protection of individuals’
personal data, in this paper we searched for apps
available in online play stores, with the ability to
stimulate cognitive functions for people with
dementia. The main goal was to analyse whether the
selected apps follow the several legal requirements
for GDPR data protection compliance.
Muchagata, J. and Ferreira, A.
Mobile Apps for People with Dementia: Are They Compliant with the General Data Protection Regulation (GDPR)?
DOI: 10.5220/0007352200680077
In Proceedings of the 12th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2019), pages 68-77
ISBN: 978-989-758-353-7
Copyright © 2019 by SCITEPRESS Science and Technology Publications, Lda. All rights reserved
This paper is organized as follows: section 2
presents the state of the art and section 3 describes the
methods used to analyse the apps for people with
dementia and if they are in compliance with the
GDPR. Section 4 presents the results of our analysis,
section 5 discusses the obtained results while section
6 concludes the paper.
2 STATE OF THE ART
Technological advances bring numerous benefits for
our society on a daily basis. Smartphones and apps
are becoming more accessible to everyone and are
increasingly used anytime and anywhere in today's
world. It is estimated that 78% of the Portuguese
population use smartphones and 72% of users
accessed the internet “on the move” (Instituto
Nacional de Estatística, 2016). Mobile apps have
been incorporated into the personal and social
routines of the global population. The diversity of
apps available today for the general public is
enormous, and in recent years, the development of
apps for mental illness has expanded significantly
(Armontrout et al, 2018). These apps aim to improve
mental health and well-being, helping mental illness
recovery and encouraging beneficial habits that
improve emotional health (Bakker et al, 2016).
Innovative solutions for people with some kind of
mental health issues are particularly valuable.
However, the progression of the mHealth market
comes with a growing concern for the security and
privacy of smartphones and their installed apps
(Papageorgiou et al, 2018). Many apps do not follow
design principles and privacy guidelines and many
times there is a lack of clinical evidence as to their
potential benefits (Bakker et al, 2016). Thus, despite
the massive development on a digital level, society
began facing questions related to regulation which,
in addition to allowing innovation, should provide
quality and help to ensure security and privacy of
users and their personal data.
In order to respond to the lack of security
standards or guidelines to follow, as well as the low
or non-existent protection of users' personal data, the
European Commission adopted, in 2016, a new
stricter legislation for protecting and controlling the
processing of individuals' personal data of European
member states, the General Data Protection
Regulation (GDPR) (European Union, 2016).
2.1 General Data Protection
Regulation (GDPR)
On May 25, 2018, the new European Union (EU)
General Data Protection Regulation (GDPR)
came into force to regulate the principles and rules
applicable to the processing of personal data
(European Union, 2016; GDPR, 2017). GDPR is
designed to protect user’s personal data processing,
and to ensure that the user is in control of their
personal data, rather than companies or businesses.
This new regulation replaces the Data Protection
Directive 95/46/EC and it will also help to change the
way systems are designed and developed (Krempel
and Beyerer, 2018).
The GDPR is applicable to all businesses and
organisations that process and hold personal data of a
European citizen (e.g. hospitals, public authorities,
public organisations, etc.) establishing a uniform
framework for data protection legislation across the
European Union. This means that now the entire EU
is governed by a single regulation instead of each
country having their own data protection laws
(European Commission, 2018).
GDPR is having a major impact, and as it happens
in society in general, also mobile app companies and
app owners should implement several procedures to
comply with it in order to ensure privacy and security
in the interactions between users and mobile apps.
Nowadays, there is a lack of security standards or
guidelines to follow and the majority of existing
mobile apps provide low or no security protection
(Mirkovic et al, 2011).
Although GDPR regulation has been decided
since 2016, the authors could not find in the research
literature works that can provide clear methods to
translate the key changes that need to occur between
previous and current GDPR legislation regarding
users’ interactions with mobile apps. Designing and
providing clear privacy notices on smaller screens is
not easy. Also capturing and managing user’s consent
as required by GDPR is technically challenging. And
although GDPR does not contain any exact step-by-
step guidelines, it gives a list of the general rules that
should be kept in mind when designing and
developing software. Some of the GDPR key changes
are described by GDPR (GDPR, 2017), the Official
Journal of the European Union (European Union,
2016) and by the Portuguese National Commission
for Data Protection (CNPD, 2017) (more details in
section 3).
2.2 The Use of Mobile Apps by People
with Dementia
The world is experiencing demographical changes
due to a significant increase in ageing. One effect
related to the ageing population is a growing
number of people with dementia (Alzheimer's
Disease International, 2015).
Dementia includes a group of symptoms
associated with memory loss; difficulties with
problem solving, language, thinking and
concentration; decline of social skills; periods of
mental confusion and changes in normal emotional
reactions severe enough to reduce a person's ability to
perform everyday activities (Alzheimer’s
Association, 2018; UKS Mobility, 2016).
Some problems experienced by people with
dementia are related with short-term memory,
keeping track of a personal object, paying bills,
planning and preparing meals, remembering
appointments, traveling out of the neighbourhood and
even losing the interest in activities that they used to
enjoy (Alzheimer’s Association, 2018). Alzheimer's
disease (AD) is the most common form of dementia,
accounting for about 50% to 70% of all cases
(Alzheimer Portugal, 2018). This disease causes a
global, progressive and irreversible deterioration of
various cognitive functions (memory, attention,
concentration, language, thinking, among others).
This deterioration results in changes in behaviour,
personality and functional capacity of the person,
making their daily activities difficult to perform
(Astell et al, 2008).
A person living with dementia will require more
and more care as their condition progresses.
However, during the early or mildest stage of
dementia there are a number of things that can be
done to help the person maintain their
independence for as long as possible and to keep the
brain active (UKS Mobility, 2016). As a result,
technology to assist people with dementia (and more
specifically with Alzheimer) is highly needed.
According to Christina Yamagata et al. (Yamagata
et al, 2013), technology can improve the quality of
life for individuals suffering from cognitively
debilitating diseases.
Nowadays the majority of people own a
smartphone and in recent years several mobile apps
have emerged with the aim of helping people with
dementia to keep active and to be as
independent as possible in their daily lives. Mobile
devices and proper apps may allow patients and
caregivers to individualize the care to their own
needs, empowering this entire patient population.
Furthermore, apps that provide brain,
memory, and problem-solving games help stimulate
the brain and cognitive ability and reduce symptoms
of older adults and patients suffering from AD
(Yamagata et al, 2013).
3 METHODS
Google’s Play Store and Apple’s App Store offer a
wide range of apps in various categories. For
instance, the number of available apps in the Google
Play Store was recently placed at 2.6 million apps in
December 2018, the majority of them being free to
download (Statista, 2018).
Over recent years, numerous mental health apps
have been developed and made available to
smartphone users. Particularly, for people with
dementia, there are several types of apps with
different approaches (daily aid, memory training,
relaxation, games, caregiver management and
information apps) and various apps contain games
and activities that can help stimulate the exercise of
the brain (UKS Mobility, 2016).
We decided to look for useful apps with the ability
to stimulate cognitive functions such as memory,
attention, concentration, language and thinking. Our
choice is related to the fact that the use of this type of
apps could help to slow down the progression of
Alzheimer's and dementia, on their first stages.
Due to Android's popularity, we decided to test
Android apps from Google’s Play Store, but because
of its huge dimension, it was difficult to do a full
review of all apps, so there was the need to take into
account the selection criteria. We have selected: (i)
free mobile apps with the ability to stimulate cognitive
functions for people with dementia, (ii) in English and
Portuguese languages, (iii) that matched the search
terms “Alzheimer and memory”, “Alzheimer and
cognitive games” “Dementia and memory”,
“Dementia and concentration”, “Preventing
dementia”, and (iv) with high rating by their users (four
and five stars). We also included in our analysis four
more apps (marked with an “a”) suggested by UKS
Mobility (UKS Mobility, 2016) as being useful and
beneficial apps for dementia patients and that could
make life a little bit easier for all involved.
At Google’s Play Store, after choosing the
application section, we introduced our search terms,
and then at the price menu we chose only the free
apps, available for downloading at Google’s Play
Store without any cost.
The reasons that led us to choose the apps in two
languages are related to the fact that Portuguese is the
authors’ native language and we were very interested
in having a perception about what type of applications
are available in our country for this specific public and
if the GDPR requirements implemented in them would
vary; and in English, because it is considered a universal
language, both in research and technology domains,
and also because of the high volume and diversity of
apps in English available in the app market.
HEALTHINF 2019 - 12th International Conference on Health Informatics
Therefore, we started with the apps’ selection
according to the criteria, followed by its installation,
and test of its various functionalities relating to
GDPR challenges.
Although initially, we had 33 apps selected, our
analysis includes only 18 apps. We decided to
exclude the apps: (i) exclusive for iOS system (due to
the unavailability of the equipment at that moment),
(ii) that did not work properly or could not be fully
used once installed (i.e., the app blocks in some parts
or the images do not show up for some reason), and
also (iii) those that were not directly related to our
study context (e.g., daily aid apps such as calendar
events and medication reminder, or apps to be used
by caregivers).
The selected apps were all designed to challenge
and improve cognitive skills (such as memory,
attention, processing, precision, and comprehension)
and they can be divided into small groups. Therefore,
four apps (22%), Brain Booster Game, Elevate Brain
Training, Lumosity Brain Training and Memory
Billionaire Lite offer different activities and games to
enhance brain function and increase confidence
which is particularly important for a person with
dementia. One app (6%), Alzminder Lite, in addition
to cognitive games, also offers other functions such
as voice reminders, music player, talking photo album
and an emergency button. Six of them (33%) consist
only of memory games: Alzheimer, Brain
Score: Connect Dots, Brain Training (PT), Cake
Memory: Match Card Cute Games, Memory Game
Brain for Dementia and Memory Game to Improve
Intelligence. In terms of visual, musical and written
tips for conversations and memory support we have
one app (6%), the app Memory Box. In its turn,
Rimentia - Brain Training (one app (6%)) is a simple
colour puzzle that aims to improve the cognitive
abilities of the mind and improve memory through
colours. Three of our apps (17%) consist of a simple
set of games designed to help slow down the
progression of Alzheimer's and dementia:
Alzheimer's Speed of Processing Game - ASPEN,
Brain Mayo and MMSE. Another one (6%), The Dot
Game, is a very simple game designed for people with
cognitive and/or physical challenges. More than just
a memory game, BrainyApp 2.0 (one app (6%)) helps
users to track and monitor their brain health over
time. In addition to cognitive activities, it also offers
many daily workout tips for users to become
physically active, eating better and interacting with
other people in social activities.
Next, the authors indicate whether the tested
applications comply with the following GDPR
challenges (EDPS, 2016; European Union, 2016;
GDPR, 2017): a) Installation; b) Privacy policy; c)
Terms and conditions; d) Request for consent; e)
Special categories of data (explicit consent); f)
Portability of personal data, and g) The right to be
forgotten.
In order to verify if the GDPR challenges are
taken into account within the analysed apps, for each
of the above challenges we checked the:
Installation - before the app is installed it needs
to communicate to the users the type of access
that the mobile app will have in the user mobile
phone;
And if it included required GDPR items and/or
functionalities, such as the:
Privacy Policy - the app should inform users (in
a plain and understandable language) the
purposes of data collection, what personal data
is being collected from users, why, and how it
is kept private. A layered notice can be used,
where the initial notice to the user contains the
essential information and further information is
progressively available through subsequent
links;
Terms and Conditions - instead of using a long
and never-ending “Terms and conditions”,
companies have to make it clear and
transparent and describe in a simple way the
rules, requirements, restrictions and limitations
that users must accept in order to use the
service;
Request for Consent - users have the right to
freely express their consent. This can be done
by clicking on a button or checking a box.
Companies cannot rely on “presumed consent”
which takes consent implicitly just because
someone is using the app;
Revoke Consent - functionalities to revoke
users’ consent for each category of personal
data processed should be provided as users
have the right to change their wishes and
revoke their decisions at any time;
Special Data Categories (explicit consent) -
considered as more sensitive data (biometric
data, race, ethnic origin, politics, religion,
genetics, health, sex life and sexual
orientation), it can only be processed if the user
has given explicit consent. Information can be
provided through icons and images to show
when certain categories of personal data are
processed;
Portability of Personal Data - the user has the
right to request their personal information and
transfer it to another data controller;
The Right to be Forgotten - users should have the
opportunity to track their profile, edit information and
delete it entirely if they wish. Mobile apps must
provide functionalities to edit and request deletion of
users’ personal data.
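The consent, special-category, portability and erasure requirements listed above can be enforced in an app's data layer rather than only described in a policy. The following is an added example, not code from the authors or from any analysed app; the class and method names (`ConsentLedger`, `grant`, `store`, and so on) and the in-memory storage are assumptions made for illustration.

```python
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from typing import Optional

# Special categories as enumerated in the checklist above (labels are illustrative).
SPECIAL_CATEGORIES = frozenset({
    "biometric", "race", "ethnic_origin", "politics", "religion",
    "genetics", "health", "sex_life", "sexual_orientation",
})


class ConsentError(Exception):
    """Raised when data would be processed without a valid consent."""


@dataclass
class Consent:
    purpose: str                     # shown to the user when consent is requested
    explicit: bool                   # True only for a dedicated opt-in action
    granted_at: str
    revoked_at: Optional[str] = None

    @property
    def active(self) -> bool:
        return self.revoked_at is None


@dataclass
class Profile:
    consents: dict = field(default_factory=dict)   # category -> Consent
    data: dict = field(default_factory=dict)       # category -> stored value


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


class ConsentLedger:
    """Hypothetical in-memory store; a real app would persist this securely."""

    def __init__(self):
        self._profiles = {}

    def grant(self, user, category, purpose, explicit=False):
        # Request for consent: special categories need an explicit opt-in,
        # never a side effect of filling in a mandatory form.
        if category in SPECIAL_CATEGORIES and not explicit:
            raise ConsentError(f"{category!r} requires explicit consent")
        profile = self._profiles.setdefault(user, Profile())
        profile.consents[category] = Consent(purpose, explicit, _now())

    def revoke(self, user, category):
        # Revoke consent: per category, at any time.
        self._profiles[user].consents[category].revoked_at = _now()

    def may_process(self, user, category) -> bool:
        # No presumed consent: unknown user or category means "no".
        profile = self._profiles.get(user)
        consent = profile.consents.get(category) if profile else None
        return bool(consent and consent.active)

    def store(self, user, category, value):
        if not self.may_process(user, category):
            raise ConsentError(f"no active consent for {category!r}")
        self._profiles[user].data[category] = value

    def export(self, user) -> str:
        # Portability: machine-readable copy of consents and data.
        return json.dumps(asdict(self._profiles[user]), sort_keys=True)

    def erase(self, user) -> bool:
        # Right to be forgotten: remove everything, retaining nothing.
        return self._profiles.pop(user, None) is not None

    def has_data(self, user) -> bool:
        return user in self._profiles
```

In this sketch revocation blocks further processing of a category but leaves earlier data in place until `erase` is called; whether revocation should also delete is a design decision the checklist does not settle.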
Table 1: Analysis of applications for Alzheimer and dementia and their compliance with GDPR. Legend: app complies; app does not comply; n/a (not applicable).
4 RESULTS
The authors carried out an analysis to evaluate
whether the selected apps presented in Table 1
comply with GDPR guidelines (those that can be
applied to mobile apps). The results are shown in
Table 1 and organized as follows: the first column has
a list with the apps’ name and in the remaining
columns we reflect on the compliance of each app
with the several points mentioned above.
Our analysis contains in some parts a small
description which can help to better comprehend that
specific functionality; symbols such as “” when the
app complies with a certain point; “” when the app
does not comply with it, and “n/a” in cases when that
point is not applicable to the app (e.g., in some cases
the user does not need to register or insert personal
data, thus, the “right to be forgotten” would not be
applicable).
We also present Table 2, which shows a summary
of the results collected in Table 1.
Therefore, when the user starts with the app
installation s/he must be informed which type of
access the mobile app will have in the user's mobile
phone in order to be installed. Of the 18 apps, 7 (39%)
do not inform about the data they need, and 8
(44%) apps need to access personal data such as
location, contacts and photos. The most required
access is to “Photos/multimedia/files”, which allows
access to almost every file stored in mobile devices.
When the access is related to “Wi-Fi connections”, it
can reveal information about all Wi-Fi connected
devices, the user’s location, etc. Users allow or are
obliged to allow access to personal data in order to be
able to install mobile apps on their mobile devices. The
lack of transparency and appropriate justifications
during the installation raises several issues in relation
to personal data protection and privacy.
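The installation check described above can be repeated over a larger sample by reading the permissions each app declares in its manifest. The following is an added example, not part of the authors' method, which relied on manual inspection; it assumes each AndroidManifest.xml has already been decoded to text (for example with apktool), the mapping from Android permission names to the access labels used in this paper is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from Android permissions to the access labels discussed above.
PERSONAL_DATA_PERMISSIONS = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "photos/multimedia/files",
    "android.permission.WRITE_EXTERNAL_STORAGE": "photos/multimedia/files",
    "android.permission.ACCESS_WIFI_STATE": "Wi-Fi connection information",
}

# Constructed sample: a memory game that asks for more than it needs.
SAMPLE_MANIFEST_A = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.memorygame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Memory Game"/>
</manifest>
"""

# Constructed sample: a game that requests no personal data access.
SAMPLE_MANIFEST_B = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dotgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Dot Game"/>
</manifest>
"""


def audit_manifest(manifest_xml):
    """Return the declared permissions and those that touch personal data."""
    root = ET.fromstring(manifest_xml.strip())
    requested = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                requested.append(name)
    personal = {}
    for name in requested:
        label = PERSONAL_DATA_PERMISSIONS.get(name)
        if label:
            personal.setdefault(label, []).append(name)
    return {
        "package": root.get("package"),
        "requested": sorted(set(requested)),
        "personal_data": personal,
    }


def share_requesting_personal_data(manifests):
    """Count apps that request personal data, as (count, rounded percent)."""
    if not manifests:
        return (0, 0)
    count = sum(1 for m in manifests if audit_manifest(m)["personal_data"])
    return (count, round(100 * count / len(manifests)))


if __name__ == "__main__":
    for sample in (SAMPLE_MANIFEST_A, SAMPLE_MANIFEST_B):
        print(audit_manifest(sample))
    print(share_requesting_personal_data([SAMPLE_MANIFEST_A, SAMPLE_MANIFEST_B]))
```

A declared permission shows only what the app may access; whether the user is told why still has to be checked against the store listing and the privacy policy.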
When “Privacy policy” is applicable, we verified
that in 14 (78%) apps the “Privacy policy” is not
present/visible and the user has to consent in order to
continue (even though s/he cannot have access to that
information), or the user is confronted with a very
extensive text full of difficult terms to understand
(this happened in 4 (22%) apps) (Figure 1). In 14
(78%) apps, the “Terms and conditions” are
non-existent and in 4 (22%) apps (as it happens with the
privacy policies) the information presented to users is
not concise, clear or simple to understand.
Figure 1: Example of a very extensive privacy policy.
Table 2: Summary of the results presented in Table 1.
The “Request for consent” occurs in 2 (11%) apps
and in the app “Brain Training (PT)” when the user
starts using the app s/he can control options such as
the automatic login, allow other users to find
user’s profile, allow other people to see user’s
activity, but there are no options to change consent.
In the app “BrainyApp 2.0” it is possible to control
features such as notifications, location, connection to
Facebook and the user can change his/her options at
any time (Figure 2).
Figure 2: Example of the features control such as location.
The “Special categories of data” is just applicable
in the app “BrainyApp 2.0” and after installation the
user has to answer some health questions such as
heart health, physical activity, mental challenges and
type of diet. Taking into account the GDPR, health
information is sensitive and the user must give
explicit consent. But in this app the user has to answer
the questions in order to continue. Thus, this cannot
be considered as an explicit consent. This app also
allows users to share the progress obtained with
others on the Community page.
The last column of Table 1 is “The right to be
forgotten” and this feature makes sense when the user
has to make a registration (e.g., with an email
account) or when s/he needs to provide some personal
or sensitive data. Thus, 2 (11%) apps have the option
to delete the user’s profile; 3 (17%) don’t allow the
user to delete his/her profile; 2 (11%) apps do not
have that option although the user needs to register
through a Gmail account, and 1 (6%) app enables the user to
delete the profile but, according to its privacy
policy, it will still retain all information that was
collected until then (Figure 3).
Figure 3: The app will retain the information collected prior
to user’s request for deletion.
5 DISCUSSION
With the lack of adequate legislation, technologies
have expanded without any kind of control. Even with
the introduction of the new GDPR five months ago,
mHealth apps, which may include sensitive personal
data, are still not following the required basic key
privacy changes, at least for the area of dementia.
It is not reassuring that all the analysed apps do
not comply with two of GDPR key challenges related
to the availability of a clear and objective privacy
policy as well as terms and conditions for the use of
an app. Even before GDPR, users were expecting to
have some information available to help them
understand how and what type of processing their
data was going to have. But this analysis shows that a
vast majority of the analysed apps do not have an
available privacy policy or terms and conditions
(78%) at all, suggesting little or no user control of
their personal data once entered into the app. This is
particularly problematic for people with dementia,
who would be exposed to high risk of loss of privacy
if their data were shared without consent. In turn,
for those apps that have a privacy policy (22%), the
information provided is too general, long and vague,
and with a lack of clarity. This is especially
concerning for apps targeting people with dementia,
whose users may lack the cognitive capacity to
interpret the often long and illegible terms and
conditions full of legal, confusing and ambiguous
terminology. This ends up raising the issue of whether
people with cognitive problems may have the
capacity to make informed choices about providing
their data. At the same time, it can place them at an
increasing risk of privacy breaches.
According to the GDPR the essential
information should be clear and made available to the
user, followed by options for the user to specify what
personal data can or cannot be processed, preferably
with icons or pictures. Clearly, this situation is not
happening at the moment. These are basic mandatory
privacy requirements that should be made
available for every type of app, even more so for people
with dementia, who need more care and clarity when
exposed to this technology.
Another critical issue is that one third of the
analysed apps do not inform the user about what type
of data and features the app will be accessing when
running while more than a third request some type of
personal data to be installed to fully function. This
disparity of procedures is not helpful and, many
times, there is no need to request personal data unless
the apps have more complete features such as health
advisors, health journals or functionalities that allow
data to be shared, for instance, with health
professionals. However, apps to train brain activity
and cognition, even if they follow users’ progress,
commonly do not need to require personal data,
nor even data from special categories such as health
related data (as shown in Table 1, for almost all apps
this GDPR key requirement is not applicable). Still, if
they do, they need to make users well aware of what
data are being processed, how and what security
measures are in place and consent must be provided
at all times before that processing starts. Contrary to
this, most analysed apps do not provide the
opportunity to give consent to the various parameters.
Further, in the cases where this is possible (11%),
there is no liberty for the users to change their mind
and revoke that previously given consent.
As to the right to be forgotten, even when the user
creates an account and introduces personal data, only a
small number of cases allow users to delete their
profile entirely, again, not in conformance with
GDPR.
Limitations. During this research the authors could
not find information and studies about the impact of
the new GDPR on the development of mHealth apps
and more specifically in cases of apps for people with
dementia, to be able to compare with.
Our sample is very small because, as a first study
in this area, we decided to focus on a restricted group of
apps that specified in their description that they were
designed to improve the cognitive function of people
with Alzheimer's disease and dementia. Due to time
constraints only one researcher did the selection and
revision process. However, the methods used can be
re-used/improved by other researchers and re-applied
to a larger sample. Also, we have only experimented
with and tested apps for Android, so applications
exclusive to the iOS system were excluded from our study.
6 CONCLUSION
Despite all the advantages that apps seem to offer to
keep the brain active and help people with AD and
dementia to better cope with their disease, there are
several security and privacy concerns that are still not
addressed. This is particularly important for this group
of people as they can potentially be more vulnerable
and less aware of online dangers and privacy breaches
as they may lack the cognitive capacity to interpret
and fully realize the problems.
Through this study we found that most available
analysed apps do not provide any information about
how they process and treat personal data or, if they
do, it is not done in a very clear manner. Furthermore,
most of the key requirements mandated by GDPR are
still not implemented in the available apps and so
these do not comply with regulation to ensure privacy
and security in the interactions between users and
mobile apps, for European citizens.
This work intends to bring awareness to this issue
to both researchers and developers, especially in the
area of healthcare and mental health. Further, it aims
to give some recommendations for future research,
e.g., (1) structured guidelines or principles should be
made available online for all mobile app developers
during the app creation process, to ensure
transparency and to be as much as possible GDPR
compliant, (2) the generalized use of simple, clear,
transparent and understandable Privacy Policy,
always available through a button in the menu
configurations or even in another visible part of the
app, (3) mandatory use of explicit consent, thus when
a user is making a registration on a mobile app, s/he
should be asked to opt-in to have their data collected
or receive communications (emails or notifications)
and this could be done through a consent screen on
the app launch. This screen should also show
information about what user's data will be collected
and how they are going to be processed, (4) available
functionality where users can ask for their data to be
removed or can request their data to be deleted and
have an opt-out of communications/notifications, (5)
strong encryption algorithms of personal data by
default, (6) every mobile app must include contact
information of the business or app developer, so that
users can contact them and have a quicker and clearer
support, and, most importantly, (7) the existence of
app regulations made by credible entities related to
the app content, especially those created for sensitive
and vulnerable groups of people.
Future work includes the integration of iOS apps
in the study as well as re-applying the same methods
to a larger sample, within the same domain.
ACKNOWLEDGEMENTS
This article was supported by FCT through the
Project TagUBig - Taming Your Big Data
(IF/00693/2015) from Researcher FCT Program
funded by National Funds through FCT - Fundação
para a Ciência e a Tecnologia.