From steps to Zzzs, wearables such as smartwatches and fitness trackers can, literally, monitor one’s every move. For many, the buzz from wearables is undeniable. But as their popularity and technology increase, is the focus on consumer privacy and security keeping pace? Critics say no.
Ars Technica recently highlighted an interesting case on heart data and privacy. When a Middletown, Ohio, man’s house burned down in 2016, he described to police the multiple steps he took to exit the premises and shared that he had an artificial heart. Suspicious of his story, police obtained a warrant for his pacemaker’s data, which revealed, according to a cardiologist who reviewed it, that the homeowner’s story was “highly improbable.” This and “other key pieces of evidence” led to his indictment on arson and insurance fraud charges. Civil rights advocates found the use of personal medical data in a court case concerning. This is part of a larger concern over the security of personal data collected from wearables.
In a Law Practice Today post, author Zainab Hussain dives into wearables’ legal issues. As the industry grows, he says, the legal community must address both intellectual property concerns and consumer data security and privacy concerns. The personal information that wearables collect and store can include health, financial and location data, all of which are considered highly valuable. It is possible, says Hussain, to identify the person the data belongs to. Uses of this information range from the “more innocuous,” like advertising, to the “nefarious,” like health insurers quoting the user higher rates or even outright canceling a policy based on personal information they have obtained that was possibly sold, stolen or leaked through a data breach. The potential for such a breach is so high, says Hussain, that many companies are purchasing cyber insurance to protect themselves from liability.
An in-depth Tech Republic cover story digs deeper into “the dark side of wearables.” Echoing the buzz we mentioned at the beginning of this post, author Teena Maddox calls wearables’ presence and potential in our lives so seductive that it can “make it easy to forget, or ignore, the inherent security and privacy risks involved.”
Maddox invites the user to consider just what the final destination is of his or her data that’s been collected by the wearable company. What happens if that same company goes out of business, or if laws are passed that change access to the data which users were so quick to give up when they purchased the wearable to begin with?
Protecting one’s privacy is in the consumer’s hands. Maddox quotes Josh Lifton, MIT Media Lab Ph.D. and CEO of Crowd Supply, “If you want to be considered an individual and not just a data point, then it’s in your interest to protect your privacy.”
But Maddox also offers that protecting consumers’ privacy is in the manufacturer’s hands as well. In the rush to get a product to market, manufacturers can make wearables more vulnerable to attack. In the end, that speed can be costly. Maddox quotes Tatiana Melnik, a healthcare IT and data security attorney, “Companies need to build privacy and security into their existing development process.”
Janice Phaik Lin Goh, an attorney at Arent Fox LLP, agrees that the responsibility starts with the manufacturer. In her article posted on the American Bar Association’s site, she states, “In the absence of express legislation or regulations around consumer privacy and security in the wearables space, industry solutions can step in to help safeguard privacy and security.” By implementing adequate safeguards, says Goh, as well as delivering greater choice and transparency, the wearable industry can build trust in the marketplace.
Time’s up. Breaaathe.
For a closer look at how corporate counsel can think about consumer privacy in the early stages of design, read part II of this blog series: Trying on Privacy by Design.