Fitness Tracking & Privacy Concerns

In a previous article, we wrote about how the wearable technology market is booming. In fact, it’s currently estimated at $14 billion and increasing steadily. By 2018, AB Research estimates that more than 485 million wearable devices will ship each year.

One high profile segment of the market is made up of fitness trackers. Earlier this year, Symantec took a closer look at this particular market in its whitepaper, How Safe is your Quantified-Self? This study looks at the entire fitness tracking movement, from dedicated devices like the Fitbit or Jawbone, to apps that utilize a smartphone’s inbuilt sensors, and even programs that require a user to input information manually.

Symantec’s report sketches out a new market segment that requires better and more stringent information protection. The writers note that the kinds of information collected by what they deem ‘self-trackers’ differ substantially from more traditional personal information, such as name, date of birth, or address. Self-tracking information can be as varied as weight, BPM, sleep times, location data, or even things as personal as sexual activity, emotional state or drinking habits.

Some security issues

Of course, with the collection of such personal information, a number of risks and concerns will naturally arise. After all, many of the latest gadgets are designed to collect and analyze the most sensitive data. A major concern is what happens to your data after the fitness tracker or smart watch collects it. Is the company secretly selling user data to insurance companies, so that they can track exercise habits, weight fluctuations, alcohol intake or other personal health statistics? Would the insurance companies then adjust premiums according to these stats?

The Symantec report identified some of the most troublesome areas:

  • Vulnerable location tracking
  • Poor password protection
  • Lack of privacy policy
  • Unintentional data leakage

While Symantec was able to identify these areas for improvement, it didn’t offer too many new recommendations to users of such fitness tracking apps and devices, other than the expected “use strong passwords” and “be careful about social sharing.”

For now, the responsibility seems to rest with app developers and device manufacturers to secure session management, follow best practices for secure passwords and improve protocols for transmission of secure data.

Value of data collection

It’s clear that the real value of today’s wearable technology lies in data collection and the subsequent analysis and correlation of that information. At the Wearable Tech Expo in New York City earlier this summer, Pebble’s Chief Product Evangelist, Myriam Joire commented:

“You need to trust the tech world right now and give us your data. If you want intelligent context, you need to give us your data… Privacy and security are super important, but we also need to start to trust our technology.”

While it’s obvious that users of wearable technology should be vigilant and skeptical of the companies they share their personal data with, it’s almost certain that the vast majority of people don’t read app or service privacy policies before handing over email addresses, user names, passwords, location data, biometrics and other potentially sensitive data. Most users have no clue what’s actually happening to their data. They will also often connect their core services with other random apps to share their progress and stats, which will only compound the issue.

Privacy Policies

So a pretty obvious solution is for users to read their privacy policies. This may prove to be a greater challenge than one might anticipate. Even Florian Gschwandtner, CEO of Runtastic, maker of several fitness tracking devices, admits,

“It’s almost impossible for users to read and understand privacy policies. All of the [services] I use, it doesn’t matter if it’s Netflix or whatever, I don’t read privacy policies. I wouldn’t understand it without a lawyer.”


This article takes a closer look at wearable technology, particularly the fitness tracking devices and apps that are taking the market by storm.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:

  • Data collection (I.C.)
  • Privacy expectations (II.A.)
