FOR IMMEDIATE RELEASE
August 17, 2016
Contact: Melanie Bates, Director of Communications, [email protected]
FUTURE OF PRIVACY FORUM RELEASES BEST PRACTICES FOR
CONSUMER WEARABLES AND WELLNESS APPS AND DEVICES
- Document calls for restrictions on data sharing, enhanced notices, and informed consent for research
- FPF also releases new study highlighting improvement in availability of app privacy policies, but gap for top health and fitness apps
Washington, DC – Today, the Future of Privacy Forum (FPF) released Best Practices for Consumer Wearables and Wellness Apps and Devices, a detailed set of guidelines that responsible companies can follow to ensure they provide practical privacy protections for consumer-generated health and wellness data. The document was produced with support from the Robert Wood Johnson Foundation and incorporates input from a wide range of stakeholders including companies, advocates, and regulators.
“Fitness and wellness data from apps and wearables provide significant benefits for users, but it is essential that companies incorporate Fair Information Practice Principles to safeguard this data,” said Jules Polonetsky, FPF’s CEO.
“Overcoming privacy concerns associated with wearable technologies is necessary to ensure their equitable access and use by global populations,” said Derek Yach, Chief Health Officer & Gillian Christie, Health Innovation Analyst, Vitality. “The Future of Privacy Forum’s guidance on consumer wearables and wellness devices showcases these challenges and explicitly outlines best practices for companies engaged in designing and deploying these technologies.”
The Best Practices build on current legal protections and app platform guidelines by providing specific guidance to ensure consumer apps include appropriate privacy protections, as well as developing responsible guidelines for research and other secondary uses of consumer-generated wellness data. The U.S. Department of Health and Human Services (HHS) articulated significant gaps in regulating health information privacy and security in a report released last month. HHS recognized that while technological innovation has advanced at an extraordinary pace in recent years, privacy and security protections of health information have not kept up. The Best Practices released today begin to build norms for such data by making recommendations for privacy practices that:
- Provide consumers choices about the sharing and use of their data;
- Support interoperability with global privacy frameworks and leading app platform standards; and
- Elevate data norms around research, privacy, and security.
“Some data collected from wearables may be relatively trivial, but other data can be highly sensitive,” said Kelsey Finch, Policy Counsel, FPF. “These principles are tailored to provide appropriate protections calibrated to the nature and sensitivity of the data.”
The Future of Privacy Forum (FPF) is Washington, DC based think tank that seeks to advance responsible data practices. FPF includes an advisory board comprised of leading figures from industry, academia, law, and advocacy groups. Learn more by visiting www.fpf.org.
 Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA. By: U.S. Department of Health and Human Services. Available at, https://www.healthit.gov/sites/default/files/non-covered_entities_report_june_17_2016.pdf (July 19, 2016).