Schumer: Without Their Knowledge, Fitbit Bracelets & Smartphone Apps are Tracking User’s Movements and Health Data That Could be Sold to Third Parties

LongIsland.com

Schumer calls for FTC to require mandatory “opt-out” opportunity before any personal data can be sold.

Print Email
Washington, DC - August 10, 2014 - U.S. Senator Charles E. Schumer revealed today that personal health and fitness data – so rich that an individual can be identified by their gait – is being gathered and stored by fitness bracelets like ‘FitBit’ and others like it, and can potentially be sold to third parties, like employers, insurance providers and other companies, without the users’ knowledge or consent. Schumer said that this creates a privacy nightmare, given that these fitness trackers gather highly personal information on steps per day, sleep patterns, calories burned, and GPS locations. Users often input private health information like blood pressure, weight and more. The data is then uploaded for analysis and feedback for the user. There are currently no federal protections to prevent those developers from then selling that data to a third party without the wearer’s consent. Schumer therefore urged the Federal Trade Commission (FTC) to push for fitness device and app companies to provide a clear and obvious opportunity to “opt-out” before any personal health data is provided to third parties, who could discriminate against the user based on that sensitive and private health information.
 
Many Americans have started wearing fitness trackers and bracelets, like Fitbit, to monitor and improve their health, and Schumer believes the technology is a positive and effective way to promote healthier and more active living. However, Schumer highlighted that there are insufficient federal protections in place to ensure that information submitted to and collected by these fitness trackers remains personal and private. Schumer drew contrast to a Finnish company called Polar Flow that is appropriately handling privacy by making it very clear in their terms and conditions that they will never sell personally identifiable data for advertising purposes. In his letter to the FTC, he said that the federal government should investigate the vague policies used by these companies that make it impossible for health-conscious consumers to make an informed choice about privacy, and to clarify that it is an unfair or deceptive trade practice when a company fails to state clearly to consumers whether personal data may be sold to third parties for advertising or other purposes. 
 
“Personal fitness bracelets and the data they collect on your health, sleep, and location, should be just that – personal. The fact that private health data – rich enough to identify the user’s gait - is being gathered by applications like FitBit and can then be sold to third-parties without the user’s consent is a true privacy nightmare,” said Senator Schumer. “If companies of fitness devices have the ability to sell personal health data to insurers, employers and others, users should be alerted and given the opportunity to decline. The FTC should require fitness devices and app companies to adopt new privacy measures that will help conceal the identity of individuals and develop policies to protect consumer information in the event of a security breach.”
 
Currently, there are no federal laws that prevent developers from sharing personal health data with third parties. The FTC has openly voiced its concern about the selling of personal fitness data between companies, but has yet to take action to push application developers and other fitness monitoring companies to provide an opt-out opportunity. In September 2013, the FDA released guidelines on mobile medical applications to address privacy concerns. Unfortunately, there is a loophole in these guidelines as they only apply to apps that are promoted for medical purposes, such as the diagnosis, cure, treatment or prevention of a disease.  Without a secure privacy policy or protection from HIPAA, users’ health information obtained via these trackers could be sold to insurers, mortgage lenders, or employers. 
 
Schumer today called on the FTC to help fitness devices and app companies adopt new privacy measures.  Schumer said that the FTC should help ensure that companies clearly explain to users how their data is being used and allow consumers to opt-out of data sharing.  Schumer said such a policy would better protect consumers because companies would not be allowed to sell information about individual identities to third parties without their consent. Schumer also noted that these companies should adopt stronger policies that protect consumer information in the case of a breach. Schumer said that these measures will allow individuals to enjoy the many perks of their fitness devices without the increasing threats to their private health information.