Blog Post

Privacy - From the Inside Out

Wearable technologies can track an incredible amount of biometric information - heart rate, blood pressure and sleep habits are but a few. Some can track sexual activities (in at least one case, much to the dismay of the users, the results of these activities were posted online and searchable).

We are seeing the development of wearable technologies that analyze sweat which could be used to replace certain blood tests. It is real-time data, highly personal and highly sensitive. It is similar to information that a person's doctor would collect and yet the wearable technology industry is regulated by very different rules than medical industry.

There is a tremendous benefit from using some wearable technologies. A recent report from PwC reveals that health is a major motivator for wearable consumers. The report also found that privacy concerns are becoming less and less of a deterrent. This is great news for insurance companies that wish to utilize the data harvested from widespread usage of wearable devices.

In February, Manulife announced that they will be introducing a policy that involves wearing a fitness tracker to save money on life insurance. Insureds will earn points when they reach exercise milestones, and in return for their healthy lifestyle, they will be rewarded with discounts on insurance. The personalized program is analogous to usage-based auto insurance programs, where drivers who speed less and brake smoothly are rewarded with savings if they install a telematics device on their vehicle. If tracking your car motivates you to become a better driver and tracking your body motivates you to become healthier, where is the harm? Are we at a place where if we don't want to wear health trackers, we will have to pay higher insurance premiums?

Fitness data could be also used to authenticate claims filed by the insured. A Canadian company called Vivametrica analyzes raw fitness and health data gathered by a single wearable device, in comparison to data from a bank of other wearable devices, to determine the standard for the average healthy user. In 2014, the services of Vivametrica were used to analyze data from a plaintiff's FitBit in a personal injury case in Calgary. In that case, the insured was relying on information to support her claim, but as an article from The Atlantic notes, insurance companies can request a court order to demand disclosure of wearable data to undermine a claim.

Other data that is worrisome to users of telematics and wearable devices is location data. In the context of fitness trackers and life insurance, it is easy to see how location data could get a user into trouble; if a user is tracked repeatedly visiting locations deemed by the insurer as "dangerous" or if the insured has filed a claim for disability and is tracked visiting locations that seemingly contradict that claim, this information could be used against the insured.

In a 2016 study published by Open Effect and Citizen Lab entitled "Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security," researchers tested the privacy precautions taken by popular wearable computing companies to protect user's Bluetooth data. The Apple Watch was the only device to randomize MAC addresses every ten minutes and when rebooted, making the tracking of a wearer more difficult. Other devices, including the popular Fitbit Charge HR and Jawbone UP 2, did nothing to protect the privacy of a wearer's location. Users unfamiliar with the ins and outs of Bluetooth technology are likely unaware that location data is even being gathered by a fitness tracker or that this information is stored by the makers of wearable devices.

As with any technology that collects personally identifiable information, there are trade-offs between the benefits and what a person has to 'give up' for those benefits. As long as the company informs the individuals of what information is being collected, how it will be used or shared and for what purposes (as well as complying with other requirements under privacy laws), and as long as it is truly a choice, then the adult individual can make that choice. We are not seeing that the individuals are given the information and, in some cases, they may not be given a realistic choice.   For instance, if the only way someone could afford health insurance is by wearing the health tracking device, is that truly a choice?

Very few know the depth of the information collected by wearable technologies. Most people also don't know where that information is sold or shared, what third parties might do with that information or that the information may be disclosed as part of court proceedings. This is certainly not a new issue in the information age, but there is a difference. We have entered into a realm where the information being collected is far more personal and far more sensitive than before. This information could be used or disclosed quite easily in a manner that could significantly harm the individual.

The future is extremely bright for wearable technologies as we have only started to understand the scope of application and potential benefits. There is also a tremendous upside to society with these technologies. What we're missing to date is a direct discussion about the implications of these technologies, the risks and, more importantly, how to manage them in way that benefit both the developers of the technologies and the users.