Friend or Foe?

The Double Life of a Fitness Tracking Device!

Published on May 20, 2015 | By Mark NeJame - Orlando Litigation Attorney; Vanessa Braeley contributed to this article.

Fitness trackers are really very simple: they count steps; measure sleep; analyze your diet and tabulate metrics such as heart rate, blood oxygen levels, skin temperature, perspiration, body weight and body mass. The aggregate of all this information provides astounding information about one’s overall health and daily habits.

Thing is, this information isn’t being provided to just the user. Third party companies also have access to your personal health information, and they’re paying a lot of money for it. The privacy controversy surrounding these health trackers has been a cause for concern by the government in the past and continues to be a topic addressed by lobbyists.

In May of 2014, the FTC held a meeting about these fitness trackers and healthcare apps, focusing on statistics of exactly how much of this information is being bought, who the purchasers of the health databases are, and the privacy protections, consents and disclaimers that should be available to every user of fitness trackers and healthcare apps.

The FTC studied 43 different fitness trackers and health apps (wearables not included) and found:

• 26% of the free apps and 40% of the paid apps did not have a privacy policy
• 39% of the free apps and 30% of the paid apps sent data to someone not disclosed by the developer either in-app or in any privacy policy they found
• 13% of the free apps and 10% of the paid apps encrypted all data connections between the app and the developer’s website.

One app tested transmitted information to eighteen (18) different third-parties. That information included device information, consumer specific information (name, email, user name), workout and diet information. Twenty-two (22) of the observed third parties were able to obtain the following information: exercise, diet, medical and symptom search information, zip code, location, and gender. Scary, right?

Even scarier is how the information gets used. The third-parties are able to aggregate the information, which provides them with a database on you, the consumer, and all your health issues, habits, dietary restrictions and the like. Generally, you must give your consent to share your personal health information pursuant to privacy laws, but quite a handful of these apps don’t offer a privacy policy. Voila, the third-parties have circumvented the privacy laws. Once they obtain their data on you, they can do what they want with it. Astounding!

This may sound like Big Brother, but this time the government is on our side. This is a hot topic on Capitol Hill, with companies like Fitbit hiring lobbyists to respond to mounting concerns about health privacy law. With the Apple Watch and Apple’s Healthkit making its debut on the market, health data-sharing concerns are at an all-time high. And while there are some protections in place, (a few laws prohibit the sale of health data to insurance companies to prevent unfair consumer discrimination); lawmakers are concerned the privacy policy requirements are not evolving as fast as the technology.

So before you become part of the world’s largest healthcare experiment, make sure there are privacy policies protecting your information on all health and fitness apps, gadgets and widgets. And for crying out loud, read the fine print!