The Swiss data protection commissioner says that Switzerland will struggle to exert any power over the makers of fitness trackers and wearable tech when it comes to data security and privacy.
“Switzerland can of course improve its data protection laws, that’s needed but it’s not enough if Switzerland does this on its own – we need the same movement in the wider European context,” said Hanspeter Thür told swissinfo.ch.
He sees an opportunity to make companies comply with tighter regulations on privacy at the point where they want to distribute their product in Europe.
Fitness bands or watches that track everything from your daily steps taken to the number of minutes you sleep each night are giving their users stacks of data about themselves and how they live. But once this data has been generated, many users are clueless as to where it is stored and even who owns the information.
Most of the main competitors in the wearable tech fitness market are based outside of Switzerland – Fitbit, Jawbone, Polar, to name a few.
“Each person who uses a fitness wearable has to take responsibility, they can’t just shrug their shoulders and ‘do nothing’,” said Thür, speaking after a panel discussion on the topic in Bern.
Whether a GPS watch with a heart rate monitor or a simple wristband that tracks steps, the data from a wide range of fitness wearables now on the market all has to go somewhere. The trouble is, many users don’t know where it is stored or who has the right to use it.
Information from these devices is generally stored in a cloud.
“These devices are dangerous things if we don’t use them in the right way, if we’re not well informed.”
Thür believes that the lack of data protection surrounding a growing field of information that we make available about ourselves is ripe for abuse – from companies selling on mass data, to health insurers making judgements or demands based on what can be unreliable information.
How is the data used?
In 2013 oil company BP offered employees and their significant others in the US the fitness band, Fitbit. The goal was to encourage people to become healthier, saving the company money on employer-supported health plans.
While this might seem like a win-win situation, where to draw the line in a Swiss context is an important question for Thür. “You have to be careful about which conditions are put on the basic health insurance, health is not just about steps taken or sleep,” he said.
If insurance companies buy the data we generate, they could begin to discriminate against those who don’t provide such information or those who don’t perform well enough in the face of daily step targets. After high-profile cases of private images stored in apple’s iCloud being made public by hackers, the security of cloud storage where files and sets of data are kept on giant servers and accessible via the internet, has become more of a concern for many people.
But how to balance a need for privacy with the benefits and opportunities wearable tech and fitness trackers or even apps, provide?
“The benefits depend on what your goals are for using the fitness tracker. For many people it can mean they know a lot more about themselves,” Henning Müller, professor of e-Health at the Sierre University of Applied Sciences told swissinfo.ch. “The risks are linked to the exact data we reveal and where it is stored. The biggest risks come from sharing the data, and connecting different data sources.”
Müller uses health data, primarily for people with existing health issues, such as obesity or prosthetic limbs. He would like to see people given more choice to opt in or out of sharing their data anonymously, to help medical research. He also believes “continuity of data, an export function and the right to delete all data” are all important factors that need to be made a part of the fitness wearables system.
“People should be able to take their data with them, between different devices, and to be able to give it to a doctor that they trust.”
Jean Christophe Schwaab from the leftwing Social Democratic Party believes that although the data we allow one device or app to collect on us is relatively banal, a combination of different sources may provide quite a different profile of a person, more detailed than we realise.
In a world where sharing is the norm, seeking out ways to keep data private, whether that be your current weight or the start and end point of your weekly run, can be a time consuming operation for the average person.
Schwaab wants to see “privacy by default” become standard practice for makers of wearable fitness trackers.
In compliance with the JTI standards