The Future of Privacy Forum recently published an excellent whitepaper on the discussion of privacy and data security in the wearables market:
Throughout the United States and around the world, consumers are beginning to rely on devices and technologies that take advantage of the Internet of Things, the growing network of connected objects uniting the digital and physical worlds. Within the Internet of Things market, one of the fastest growing segments is wearable devices, estimated to grow from 22 million shipments in 2014 to 135 million by 2018. Fitness bands and smartwatches are the most popular wearables today, but smart clothing, glasses, jewelry, clip-ons and wearable cameras, among others, are all poised for rapid consumer adoption in the coming years.
Designed for ubiquitous use wearables are highly personalized devices that hold the potential to greatly improve consumers’ lives – but also the potential to raise new privacy and security risks. Responding to consumer desires and demand, wearable devices deploy a wide range of sensors to collect new or increasingly sensitive environmental, behavioral and social data for and from their users. Data output from these devices is already generating substantial benefits for individual users and society generally, such as helping individuals manage their fitness, exercise and biofeedback, improving personal productivity and efficiency, and making other technologies simpler and easier to use.4 In general, proponents of measuring ordinary life and the “Quantified Self” believe that technological self-tracking, such as through wearable devices, will enable new fronts for self-knowledge and self-advancement. 5 That same data, if not properly protected, or if used in unethical or illegal ways, could be used to put individuals’ privacy at risk. Critics worry that consumers could find themselves discriminated against by employers or insurers on the basis of their self-generated information, or have their reputations damaged or their safety put at risk by a data breach.
At this early stage in their development, it is difficult to fully predict what the opportunities or risks of wearable devices will be. In many cases, traditional Fair Information Privacy Practices (FIPPs) will aptly address wearables’ privacy and security issues, because there will be opportunities for familiar consumer notice and choice mechanisms and other key privacy elements. In other cases, however, there will need to be more common sense applications of these elements.
As the FTC Chairwoman Edith Ramirez recently noted, “We are on the cusp of a new technological revolution” with “an important opportunity to ensure that new technologies with the potential to provide enormous benefits develop in a way that also protects consumer information.” We agree that important steps can be taken now to address privacy and security issues in the evolving world of wearables. However, rigid or premature reactions to wearable devices risks both over- and under-protecting individuals’ privacy at great cost to innovation and society. We must recognize the complexity of this innovative industry and adapt our protections accordingly to encourage the evolution of equally innovative data protection methods. This paper examines the need for forward-thinking, flexible applications of traditional privacy principles and protections to safeguard individual privacy while wearable technologies and norms continue to mature.