While most makers of wearables allow users to opt out of GPS location tracking, they are reminded that they will not get the full range of services. And while most privacy policies express a "commitment" to the "privacy, integrity and security" of the personal information of its users, that is generally followed by fine print about sharing information with "strategic partners," plus other companies that, "provide services such as information processing, order fulfillment, product delivery, customer data management, customer research and the like.""
Beyond that, most privacy policies say they disclose, "non-personally identifiable aggregated user data," including data gathered from the devices.
That, Dixon insists, should not reassure anyone. "When the industry says the data is aggregated and anonymized, it really isn't," she said. "There is no such thing as anonymous data any more."
Even the Federal Trade Commission (FTC) has expressed concern about the rampant sharing of personal information by data brokers. That, of course, extends well beyond wearables, but the agency, in a recent report titled, "Data Brokers: A Call for Transparency and Accountability," noted that among the thousands of data points collected on just about every U.S. consumer are, "sensitive categories include(ing) health-related topics or conditions, such as pregnancy, diabetes, and high cholesterol."
That information is at risk from more than data brokers. Experts also note that it is relatively easy for hackers to intercept data from users when it is being uploaded to the cloud.
"If wearables transmit data wirelessly in the clear, then it could be captured out of the air," said Lee Tien, senior staff attorney with the Electronic Frontier Foundation. "A general issue in the Internet of Things is the exposure of data."
And besides the basic privacy risk, there is the problem of accuracy. Dixon and her colleague, Robert Gellman, noted in their report that people currently, "remain in the dark about many of their consumer scores and about the information included in scores they typically don't have the rights to see, correct, or opt out of."
There are a variety of responses proposed for what more than one expert has called a "wild, wild West" privacy environment for wearables. The FTC has recommended that "Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the immense amounts of personal information about them collected and shared by data brokers."
Ben Edelman, an associate professor at the Harvard Business School and a privacy advocate, said he thinks wearable companies need to be held to their promises. "If a company promises to keep users' wearable-collected data secure, then does not, what happens next?" he said. "With ever-more-sensitive data being collected, we should hold companies to their promises strictly — including significant penalties if they do not."
Sign up for Computerworld eNewsletters.