Wearable devices and privacy: what is the consumer exposed to?
Experts warn that the massive amount of data collected by companies is likely to be stolen or may be used against consumers for other profit-making purposes.
When a user accepts the EULA (short for End User License Agreement) or terms of use of a piece of software, this is rarely read in full. Teena Hammond has presented a number of articles in TechRepublic and ZDNet that consider "the dark side of wearables" in this regard.
Companies know that the massive amount of data they collect is likely to be stolen, used for profit-making purposes that are not in the interest of the individuals providing them and even resold. In fact, they have spent years taking out insurance to protect them from potential litigation with consumers (which has not prevented particularly notorious cases from appearing). However, the increase in popularity of wearable devices opens a window to an invasion of privacy at its weakest point: transmitting data to the cloud.
Paco Hope, a software security consultant for Cigital, warns of the ease of hacking a wearable device. Communications are properly secured on devices like PCs, smartphones or tablets. According to Hope, the limitations of a computer that has to fit into a pair of sunglasses or a watch are much higher.
Yet, the general public does not seem worried about the risks involved in these types of mass data transactions. Hammond opens one of her articles in TechRepublic by explaining how such unauthorized data collection can directly affect an area as important as health insurance, which could be more expensive just because a fitness tracker exposes its user's private activities against his/her will. These privacy breaches are found in the popular imagination as a potential threat because there is no awareness of the potential damage they can cause.
The companies, in an abrupt maneuver made to bring an immature technology to market based on its media weight, are not up for the job of recognizing that the data collected bring value to their company. However, there are precedents, such as RadioShack, of companies that have tried to sell data to solve situations as common as bankruptcy. In this case, Apple came out in defense of data collected through their iPhone.
Moreover, the ambiguity of the terms of use is accentuated in the case of wearable devices as these products incorporate both hardware and software. With the purchase of the first being indispensable for reviewing the EULA of the second.
"Third parties" are the data brokers
The ambiguity in the terms of use are the best method to reserve some actions with "third parties". The US Federal Trade Commission (FTC) released a report to Congress in May 2014 after an in-depth study of nine data brokers. These companies acquire data from various sources to be sold in packages to companies with diverse interests, all private and lucrative. In 2012 and only in the United States these businesses invoiced $426 million.
The aforementioned report Data Brokers, A Call For Transparency and Accountability includes extensive information from sources used by these companies. Online and offline data are combined and extracted from multiple sources. Although regulations are in place in almost all parts of the world that moderately protect the digital consumer from apathy when being made aware about what information is shared, the wearable devices data highway assumes a free hand to lots of data for these companies.
According to the report, there are up to twelve types of data collected from all sources by these companies. These are the following:
- Identifying data: Name, address, etc.
- Sensitive identifying data: Social Security number, driver's license number,etc.
- Demographic data: age, gender, race, languages spoken, employment, religion,etc.
- Court and public record data: bankruptcies, criminal convictions, marriage licenses, voting registration, etc.
- Social media and technology data: purchases, level of usage, online influence,etc.
- Household data: Mortgages, interest rates,etc.
- General interest data: Subscriptions, apparel preferences, attendance at sporting events, pets,music, genres, etc.
- Financial data: Net worth, purchasing power,etc.
- Vehicle data: brand preferences, propensity to purchase new or used vehicle, motorcycle owner, to purchase vehicle, etc.
- Travel data: highest price paid for travel purchase, preferred vacation destination,etc.
- Purchase behavior data: amount spent on goods, buying activity, purchase of plus-sized clothing, etc.
- Health data: data: tobacco usage, allergies, prescription purchases, brand name medicine preference, lenses user, etc.