Wearer be warned: your fitness data may be sold or used against you

When digital device users connect to cloud storage or developers’ data archives, they lose control of their data. LZF/Shutterstock

People interested in tracking their health, physical activity levels and body functions can now choose from a plethora of sensor-embedded digital gadgets to monitor and measure their bodies. But the big question for many users is how their personal health and medical data are used.

The Apple Watch, announced in detail yesterday, is just the latest among an array of wearable technologies using built-in sensors. Apple’s iOS 8 Health app provides a “dashboard” of health and fitness data for self-trackers. Apple has also developed a tool for developers, the HealthKit.

The Apple Watch monitors bodily functions using built-in sensors. EPA/Monica Davey

When self-tracking was an activity limited to jotting notes down in a paper journal or diary, this information could easily be kept private. No-one else could know the finer details of one’s sleeping or bowel habits, sex life, diet, heart rate, body weight or efforts to give up smoking.

However when people use digital devices that connect to computing cloud storage facilities or developers’ data archives, the user no longer owns or control their own data. This personal and often very private information becomes part of vast digital data collections that are increasingly used by actors and agents in many different social domains.

Personal health and medical data is now used for much more than just gathering information on oneself for one’s own private reasons. This information is a commodity that can be used for commercial, managerial and governmental purposes and on-sold to third parties.

The US Federal Trade Commission, for example, recently found that 12 health and fitness apps shared user data with a total of 76 third parties. These data in some cases included geolocation, gender, names and email addresses, exercise and diet habits and medical symptom searches.

Personal health information is commercially valuable. Shawn Campbell/Flickr, CC BY

Self-tracking devices are now often used as surveillance technologies by organisations that are interested in monitoring people’s health and medical information.

Health and life insurance companies in the United States are beginning to use financial incentives to encourage their customers to use digital self-tracking devices. The data that are generated are used by the companies to calculate risk and customise their premiums for each individual customer.

Some wearable tech developers have arrangements in place with workplaces to support wellness programs using self-tracking technologies.

Even the customer loyalty programs of some retailers are now incorporating members’ digitally-tracked personal health data into their rewards systems.

New forms of discrimination are potentially created by the use of personal health data by other parties. The Federal Trade Commission’s report noted that combining personal data sets can lead to users being re-identified even when the data were originally anonymous.

This could have serious repercussions. People may be denied credit, housing, employment or insurance, for example, if their medical data were readily accessible.

Not only are personal data now used by second and third parties, the security of these data are in question. We know from the recent hacking into Apple’s iCloud allowing access to celebrities’ private nude photos that such digital storage facilities are not as secure as many users assume.

A report published by the US Privacy Rights Clearinghouse found that mobile health and fitness app developers often have no privacy policy and send the data uploaded by app users to undisclosed third parties. Few of these developers encrypted all data connections and transmissions between the app and developer’s website.

In response to concerns about self-trackers’ control of their personal data there have been calls for better access. One of the founders of the Quantified Self movement, Gary Wolf, recently released a statement on its website announcing a campaign on this issue. He wrote that:

Now is the time to work hard to insure that the data we collect about ourselves using any kind of commercial, noncommercial, medical, or social service ought to be accessible to ourselves, as well as to our families, caregivers, and collaborators, in common formats using convenient protocols.

While this is a worthy initiative, the question remains as to how users can challenge the vast power of the internet empires like Apple, Google and Facebook.

People need to think twice before downloading apps or using wearable devices if they are concerned about what happens to their personal health and medical information.

Read privacy policies and terms of use statements carefully for what they reveal about the developers’ use of personal data. If, as so often is the case, the developer does not include these details, then it may simply be a case of “user beware”.