The Problem of Wearable Technology Data Collection and EU Regulation

European regulators bring concern for start-ups that plan to sell their fitness and tracking devices to the corporate customer.

Last June the European Advisory Panel stated that employers should be banned from giving their employees wearable tracking devices such as fitness monitors and smartwatches to track their employees’ health. Additionally the EU body also made it clear that employers should stay clear of accessing and using the data these devices create, even if the data is completely anonymous and employees gave their permission.

Understandably, start-ups but also more established players are concerned, as are their corporate clients who use this data to improve their employee health and decrease medical insurance premiums.

Fitbit states that employees should surely be informed about the uses of the generated date, who will have access and given the option to participate or not without any consequences for refusal. However the EU body sticks with its point. They find that even such transparency is  most likely insufficient.

““Given the unequal relationship between employers and employees,” the body said, workers were probably never able to give legally valid consent to have their data shared. “Even if the employer uses a third party to collect the health data, which would only provide aggregated information about general health developments to the employer, the processing would still be unlawful.”” – (Jeremy Kahn – 2017)

Fitbit has a large stake in this but declined giving a direct comment on the opinion of the EU privacy groups. However Fitbit did state that they believe all wellness programs should protect the employees’ privacy and be voluntary. The company has over 1.300 organizations, encompassing more than 2,6 million people, using its devices for their corporate wellness program. These companies are concerned that  their employees spent too much time sitting and want to encourage them to move more.

Nokia purchased Withings in 2015 and build their corporate wellness program Nokia Digital Health around it. Alex Normand, head of B2B sales of Nokia Digital Health stated: “We believe the responsible integration of connected health devices into the health care system, including through corporate wellness programs, has the potential to significantly improve the health and well-being of society, and are actively working with hospitals, research institutions, and health care providers to explore this promising field,”. He also stated they Nokia would abide by all applicable law and would uphold the highest standards of privacy and security in every market it sells.

Move coach shares aggregated data, such as fitness levels and demographic age with consent of the users. The company Salesforce, LinkedIn and Microsoft Corp. With an eye on this new ‘EU opinion’ it is concerned that it will not be able to serve its European customers.

Frank Palermo, head of solutions at Virtusa, a consultancy firm within connected devices and wearables, states that “Collecting data on worker activity and productivity to ensure their safety should be in the purview of the employer,”.

Statement of the EU body is just an opinion, at least for now. This means that in the end it is up to each individual country to decide whether they want to comply or not with this opinion. However per May 2018, European regulations will become more streamlined and the New General Data Protection Regulation will be enforced. In this regulation it states that business are required to carry out impact assessments before implementing any technology or procedure into their company which may pose a risk to individual privacy rights. They are also required to select the most privacy friendly solutions.

To finalize I just want to state that not everyone is concerned or disagrees with this opinion of the EU body. BioBeats, a company that uses wearable sensors and applications to better manage the employees stress levels, never gave companies access to their data. Therefore, CEO David Plans, stated that this regulation would give BioBeats more space to compete within the market.

He finds that “The only thing that should ever reach the employer is our analysis of the data, not the data itself.”

 

This post is based on the following article – Fitness Tracking Startups Are Sweating Due To EU Privacy Regulations

Leave a Reply