Fitness Trackers are Changing Online Privacy — and It's Time to Pay Attention

Wearable devices such as fitness trackers are all the rage. In the rush to get them to market, though, manufacturers haven't always paid attention to security and privacy — and in the rush to get moving, neither have consumers.

1 2 Page 2
Page 2 of 2

Wearables, Fitness Trackers and Privacy 

The concept of privacy in the modern world is ever changing. User expectations vary widely based on age, culture, geographic location and a variety of other factors. Younger Americans sign up for new social networking services every day and share the most mundane details of their lives without a second thought.

The risks associated with wearables are similar to those of smartphones, tablets and mobile apps that collect and store personal information. However, wearables are different, according to Symantec's Haley, because of the kinds and volume of data they collect. This includes, but isn't limited to, email addresses, logins, passwords and other credentials; steps; heart-rate information; physical addresses, routes travelled and other location data; sleep habits, and height and weight details.

"It's the nature of the data that's being collected," Haley says. "This is really getting to the essence of our being. It's hard to believe people are willing to share all this stuff, especially around health."

Haley says people need to think about what could be done with their information in the future when they decide to give some random device or service permission to store data. "In five years, we'll discover it's being used in ways we couldn't have guessed. In the short term, people may not care if people know how much they weigh, but…we may not ultimately want people to have that information."

The EFF's Gillula is concerned with the digital "paper trail" all this wearable-related data collection creates and suggests that it could eventually be used against the users.

wearable privacy Wikimedia/Thinkstock

"Having more information about yourself also means that other people could potentially have a lot more information about you, too," he says. "And you may not have control over how that information gets used."

Gillula worries about how law enforcement could eventually use the data collected by fitness trackers and other wearables.

"If for some reason you were suspected of something, the government could compel a company to provide data. It's one more trail of data, and just as much as it could be used to help you, it could be used against you," Gillula says. "It's not that I'm concerned about the government maliciously going after people, but where there's a ton of data and a ton of bureaucracy, it's not that difficult for someone to get unintentionally caught up in it."

There's also a notable absence of laws governing the makers or wearable gadgets and fitness trackers and restricting what they can collect and do with user data — though one N.Y. senator recently called on the FTC to investigate the data collection and sharing practices of fitness device makers and app developers.

The best place to begin protecting your privacy when using wearables is a manufacturer or provider's privacy policy. Unfortunately, most privacy policies aren't exactly consumer-friendly. (For more details on wearable-tech privacy policies, read: "How to Read (and Actually Understand) a Wearable Tech Privacy Policy.")

 "They're geared towards regulatory concerns, so they're sometimes very complicated and long," Intel's Zefo says. "For the average user, they're a little bit difficult to cut through." 

Even if you can't understand or dissect a company's privacy policy, it's a good idea to make sure they offer one. In fact, Symantec's Haley says checking to see that a policy exists is "even more important than actually reading it."

Adds Gillula: "If you look for a privacy policy and can't easily find one on a provider's website, you may want to be wary of handing over your personal data."

Of all the popular fitness apps Symantec examined in its report on the quantified self movement, more than half (52 percent) didn't offer privacy policies.

"Most companies should realize by now that it's an important thing to do," Gillula says. "If a privacy policy isn't readily available, I would definitely shy away from that. It indicates that they're not taking privacy very seriously."

Of course, not everyone thinks you need to worry about the security and privacy of your fitness data. And some people may choose not to read any privacy policies.

Florian Gschwandtner isn't worried about privacy. He's the CEO of Runtastic, which makes a number of fitness tracking devices, including the new Orbit fitness band and a connected scale called Libra, as well as a collection of fitness apps for iOS, Android, Windows Phone and BlackBerry.

Gschwandtner has been using fitness trackers for years and has experimented with many of the most popular options, but privacy has never been a concern.

"I never really cared about data [collection]. I'm happy to share it," he says. "I see both sides of it, but I see more benefits than risk. The important thing is that the end user decides what they want to do with the data and with whom they share the data."

When asked specifically about privacy policies, Gschwandtner says, "It's almost impossible for users to read and understand privacy policies. All of the [services] I use, it doesn't matter if it's Netlfix or whatever, I don't read privacy policies. I wouldn't understand it without a lawyer."

The Runtastic CEO was clear, though, that his company takes data security and privacy seriously. Whenever Runtastic collects data, it gets approval first via opt-in options. To Runtastic's credit, it makes its privacy policy easy to find — there is a link to the policy, in all capital letters, at the bottom of the company's home page.

Wearables and fitness trackers undeniably shine a new light on the challenge of securing all of the information we allow our devices to collect. It may be time to think differently about privacy and the way you use tracking device in the future – but it's not time to panic, either.

"I don't think you need to go to extremes. Take basic precautions," Haley says. "Use a good password. Don't have things [like Wi-Fi and Bluetooth] turned on if they don't need to be. Don't make [your device] personally identifiable. Don't share info on social media sites…Those are the simple things that go a long way.


Copyright © 2014 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 secrets of successful remote IT teams