Growing interest in smartwatches has sparked user privacy concerns as companies find ways to collect and use personal health, location and purchasing data found on the wearable devices of their customers and workers.
"Consumers need to demand, at a minimum, clear information about what exactly the collected information will be used for," said Irina Raicu, director of Internet ethics at the Markkula Center for Applied Ethics at Santa Clara University, in an email. "The broader privacy concern is that information collected from various [wearable] sources is increasingly being combined to create profiles from individual users and draw inferences about their future actions, preferences, etc."
Some experts worry that a smartwatch user's health and fitness stats, location or buying habits could be discovered and later used against the owner -- to deny a work promotion or an insurance claim or to cause any number of other problems. The question isn't whether the personal data is being collected -- it already is, increasingly -- but how the parties collecting the information use the data.
Part of the problem is that users expect their personal information to remain anonymous when, in fact, there isn't good or widespread technology to anonymize data, said Forrester analyst Fatemeh Khatibloo.
"Consumers are beginning to expect this kind of data sharing from a wearable or any other Internet of Things device, with the assumption that a company will attempt to anonymize the data and aggregate it and sell it, but is not going to sell the PII" -- the personally identifiable information, Khatibloo said in a telephone interview.
In theory, a smartwatch vendor or other party could collect huge masses of personal data from millions of smartwatch users to create an audience segment that is then sold to a data management platform without including PII. "Then, somebody could send those users an ad for weight-loss stuff, but that gets a bit sketchy because we don't have really good tech that anonymizes data," Khatibloo explained.
"There's data collection and data use, and if we're being upfront, businesses need to have a much clearer data use policy. If they are collecting data, they are creating risk," Khatibloo said.
Government action urged
A government entity, particularly in the U.S., needs to step in before it's too late, Khatibloo said. If a company didn't get permission to use a person's data, there should be significant fines, she argued. "It has to be a government role; I don't think self-regulating trade bodies will do that effectively," she said.
Privacy experts have taken to heart last year's instance of a personal injury lawyer who used a Canadian woman's Fitbit data to show how an accident had affected her ability to work. The lawyer relied on analytics software from Vivametrica, which tracked the woman's physical activity.