Risks on Your Wrists?

by Shraddha Shenoy

Have you been nailing your daily goal of completing 10,000 steps? It’s a great feeling when your wearable fitness device vibrates to tell you that you have hit the day’s fitness goal. Just as apps, trackers, and wearable fitness devices are excellent motivators, they are equally well known for their privacy gaps and vulnerabilities. Don’t rush to discard your expensive watch yet; a little awareness and alertness will go a long way. The recent past has seen a rapid expansion in the use of wearable technology and in its commercial availability, driven by technological development that has simplified these wearables to better fit into the everyday life of the masses. As much as the industry for fitness trackers has witnessed growth, the scale at which extensive health-related user data is collected by these smart devices has multiplied exponentially.

The greatest issue with wearables arises from the amount of data that gets captured on these devices. Several of these devices have access to real-time health and other related data about their users. If it is not de-identified, this data can be used to generate a health profile of each user. The revelation of such personal health data can have a negative impact on more than one aspect of that individual’s life. While we look into this negative impact, the benefits that society can derive from this data cannot be overlooked. Health-related data processing is not limited to providing insights to users. It can also be a powerful aid to medical research if the processed data is de-identified. Such data, provided to medical professionals for research, can be used to prompt great advancements. This data is also of great value to several other companies. It is therefore important to assess the privacy concerns arising from the collection of both health and non-health data on these trackers and from the de-identification of this data.

Devices such as wearables pose new challenges to conventional privacy protection. The development and evolution of these devices are so fast-paced that they demand the rethinking of some principles of privacy that are uniformly applied to devices during policymaking. A concept vulnerable to ineffectiveness in this domain is notice and consent. Notice and consent and privacy policies are an integral part of privacy frameworks, including the latest data protection laws. However, most fitness trackers track a variety of parameters continuously, which challenges the notice and consent model. If consent is to be taken, with notice, for every data set captured, it would lead to a high volume of notices, which in turn would lead to consent fatigue in users. Consent fatigue refers to users being overwhelmed by the volume of consent requests, so that they stop paying attention to the notice while giving consent.

A vital issue with the notice and consent model in the healthcare sector is ensuring that consent is informed. Often, users do not understand the extent of information that can be gleaned about them by processing the data they have consented to give. This lack of comprehension is pronounced in the healthcare sector, as subject knowledge is required to fully assess the potential of the data that a user consents to give.

A privacy issue common to most devices is ensuring the irreversible de-identification of data. De-identification of data refers to the process of decoupling data about a user from the personal identifiers that may be used to identify a user. This issue is vital in allowing user-generated data to inform medical research. Even if extensive health data is being collected about a user, it is not particularly damaging if the data cannot be linked back to the individual who generated it. This will allow for the generation of trends but will prevent profiling. Most fitness band companies collect a wealth of personal data about users in addition to health data and security measures must be used not just at the company server level but also with third-party processors to ensure the two data sets cannot be correlated.

Several wearable devices in the market have voice command functions enabled on them. These allow the microphone to be on several times through a single consent form obtained from the user at the time of configuration. Due to this, such devices pose a threat to bystander privacy. While users themselves may have consented to allow their conversations to be overheard by the device, bystanders may not have entered into the same consent agreement with the company. These issues cannot be resolved by institutional regulations alone. User awareness goes a long way. Purchasing your smartwatch from a reputable company can help improve your security. It is imperative to read and scrutinize the policies and app permissions thoroughly before you hit ‘Accept’.

About the Author:

Shraddha Shenoy is an Advocate by profession with over a decade of experience in entrepreneurship, and the Founder & Director of Lex Mandamus LLP. She was awarded the ‘Women Leadership Award 2022’ channelised through Zee News. She has also received prominence as one of the champions of change, instrumental in accelerating a virtuous cycle of gender equality, at ‘The Women on a Mission Summit 2022’, which was an international summit by ‘HerStory’. She was also nominated in the ‘2022 Female Entrepreneur To Watch’ category by the prestigious ‘Woman Entrepreneur’ magazine, New Zealand, and for the ‘Indian Achiever’s Award 2021’ by the Indian Achievers’ Forum & CSR Times.
