As smartwatches gain traction, personal data privacy worries mount

Companies could use wearables to track employees' fitness, or even their whereabouts

1 2 Page 2
Page 2 of 2

Gownder noted in a separate Forrester report that location data could be used to show how often an employee is moving to work with peers in order to determine if he or she is hitting a manager's benchmarks for collaboration.

Forrester's own research tends to bolster Salesforce's survey. More than half of 3,104 global technology decision makers that Forrester surveyed last year said wearables are a critical, high or moderate priority for their companies.

Growing public concerns with privacy

Contrasted with the corporate interest in wearables is the public's growing concern over personal privacy. Recent surveys by data privacy management company Truste found that 92% of U.S. Internet users worry about their online privacy and 91% said they would avoid companies that do not protect their users' privacy.

A complicating factor is that because smartwatches are relatively new and growing in popularity, it isn't clear to many buyers just how their personal data will be used or what the potential threats could be.

7 apple watch restart

EPIC, the Electronic Privacy Information Center, believes location data from smartwatches and others wearables is potentially insecure because a GPS or Bluetooth scanner could be used to track a person's whereabouts when the device is separated from a smartphone.

"Smartwatches make personal tracking a lot easier," said Julia Horwitz, director of EPIC's consumer privacy project.

Horwitz also warned workers to consider how fitness data from a smartwatch will be used by an employer in an attempt to lower the company's insurance costs. "Employees are told if they accept health data monitoring, they will get gift cards or other incentives," she said.

With so much personal data available from a smartwatch or similar smart device, a name or Social Security number isn't necessary to identify someone, even with the use of anonymization software, Horwitz said.

"As much granularity as there is in the [smartwatch] data, you can see where a person goes, where they work, what they are doing, and what they are purchasing in some cases so that you can identify someone very easily and uniquely," she said.

EPIC's general response to such threats has been to support strong privacy laws that aren't specific to any given device and that emphasize minimal collection of data from users while also requiring minimizing of the data once it's collected. That final point means not keeping huge files of data for long periods in hopes of selling it for ad or other revenues. Users also need the ability to access the data that's being kept about them, EPIC believes.

Some smartwatch vendor privacy protections

There's disagreement between experts over which smartwatch makers offer users the best privacy protections. Forrester's Khatibloo credited smartwatch maker Pebble, for example, for being upfront at least about its use of personal data. "You can own and control and even delete your data" with Pebble, she said.

Raicu, of Santa Clara University, noted that Apple requires approval by an institutional ethics review board for all the apps that use the company's ResearchKit, an open-source software platform for researchers and developers to make apps for use in medical studies. Apple's move "suggests that Apple takes seriously the potential of harm resulting from the user of such apps; other companies don't require such review," Raicu said.

apple watch on wrist 2 Rob Schultz

Gartner analyst Annette Zimmerman said many wearable vendors aren't transparent with users about what data is being shared from the apps on their smartwatches and wearables or where the data ends up. "Fitbit, for example, is not really clear at all what data I am sharing with my friends or with the whole universe of people who use a Fitbit," Zimmerman said. "There is much room for improvement at this stage."

Zimmerman said some smartwatches can show sensitive corporate email and calendar items when connected to a smartphone, and that capability can't always be wiped remotely via a company's device management software. For example, Zimmerman's personal Samsung Galaxy Note 4, when connected to her Samsung Gear S smartwatch, won't forward corporate emails to the smartwatch because of an Airwatch remote management system designed to provide greater security. Yet, when she uses her Apple Watch, she can get her corporate emails on that device, even with Airwatch in operation.

As always, buyer beware

With such confusion over uses of private data from smartwatches, analysts advise customers to beware.

"Consumers should only get wearables from a trusted source and where they know who is using their data and what they're doing with it," said Patrick Moorhead, an analyst at Moor Insights & Strategy.

"As we've seen through history, consumers are willing to sacrifice some level of privacy for a benefit. It's what has driven the Web through advertising and social media," Moorhead said. "I believe that consumers will get more savvy with their privacy, which could spell trouble for Google, Facebook and Amazon, who thrive on this kind of data."

As far as the U.S. government's ability to regulate uses of private data from smartwatches or other smart devices, there hasn't been much of a call to action, EPIC and others said.

In Germany, laws prevent a vendor from selling PII to a third party, unless the data has been completely anonymized, Zimmerman noted. "In the U.S., there is no federal law really, there's only a patchwork of laws. In general, you can do in the U.S. what is not allowed in Germany to sell this kind of data."

When smartwatch users expose their health data, financial transactions, location and other data to the cloud, "they should expect that the data is no longer their own and will be shared, mined and repurposed," warned Jack Gold, an analyst at J. Gold Associates.

"Consumers are leery of the lack of privacy and very much should be," Gold said. "Users should expect any app or cloud access to be less than private in the future if they want to get services, especially free services."

Copyright © 2015 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
 
Shop Tech Products at Amazon