Wearable Technology Increases Need for Data Protection Reform

Posted by: Kyle Sol Johnson

April 18, 2015

Wearable technology such as the new Apple Watch, Google Glass, and exercise tools like FitBit appears to be the next frontier in personal consumer tech. The $14 billion industry is projected to quintuple over the next decade. The primary sector in this industry is the healthcare sector, and indeed, products that monitor everything from heart rate to weight to frequency and intensity of exercise stand to revolutionize the medical (and medical insurance) industries. However, the same informatics that allow the technologies to be used for near-constant health monitoring come at the expense of consumers’ privacy.

Many of the free apps and wearables that allow users to monitor health data also transmit said data, much of it personally identifiable and in many cases with no encryption whatsoever. This opens users up to a host of potential risks, including identity theft, minority profiling, stalking, and employer misuse. Moreover, the vast majority of free apps sell the user-generated information to interested third parties like healthcare providers, insurance companies, marketing firms, and even employers. Most apps claim that they won’t share personal information without consent; however, they still sell the data, just with the names of users stripped from the rest of the information.

This data is already being used by employers seeking to reduce group insurance costs, and may soon be utilized to directly adjust insurance premiums based on the health of the insurance holder. Governments may also get in on the game, giving tax breaks for citizens who demonstrably maintain healthy lifestyles. There are other implications as well — in Canada FitBit data has already been used as evidence in a personal injury case.

18 U.S.C. § 2701 already protects consumers (and corporations) from unlawful, unauthorized access to electronic communication services, but there is no law outside of the market that stops companies from selling information obtained by use of their products. This is especially true since almost every company offering a free app or product includes a clause in its terms of use expressly for that purpose. At the moment, users' recourse is limited to simply not using the apps if they are unwilling to have their personally identifiable information transferred to interested third parties.

HIPAA privacy regulations do not yet apply to this type of data because it is not shared with a doctor, hospital, or third party vendor (insurance). States may treat this data as Protected Health Information (PHI) in the future, but as with any state regulation it may not be uniformly or quickly adopted. Unlike in the UK, the US does not have a robust federal data protection law. Instead there is a patchwork field of state and federal law and agency guidelines. The FTC has, however, gone after companies over sharing geolocation data without notice and consent and failing to provide reasonable security measures.

In 2014 the Personal Data Protection and Breach Accountability Act and the Data Broker Accountability and Protection Act were introduced in the Senate. The former would have required companies to implement programs to ensure the privacy, security, and confidentiality of personally identifiable information. The latter would have required data brokers to establish reasonable measures to maximize the accuracy of the information they collect, as well as offering consumers the right to review the collected data. Further, it would have required brokers to create opt-out options from the sharing of PII with marketing firms. Neither bill was enacted.

But wearable technology doesn’t simply pose privacy risks to consumers. Products like Google Glass can allow employees to surreptitiously record meetings to be used in legal proceedings. Scarier still to employers, such recording technology can be used by employees to accidentally or purposefully record proprietary trade secrets or intellectual property. Once such information spreads to the internet it is difficult to contain, and, if it spreads far enough, obviates the trade secret protection.

The prospects of wearable technology catalyze the already growing need for comprehensive data protection reform. The federal government should move to make comprehensive data protection reforms without crippling the ability of states to adopt stricter standards, particularly in the fields of health and geolocation data.



