Future of Privacy Forum Releases Best Practices for Consumer Wearables and Wellness Apps and Devices
FOR IMMEDIATE RELEASE
August 17, 2016
Contact: Melanie Bates, Director of Communications
- Document calls for restrictions on data sharing, enhanced notices, and informed consent for research
- FPF also releases new study highlighting improvement in availability of app privacy policies, but gap for top health and fitness apps
- Only 54% of sleep aid apps provide easily accessible privacy policy
Washington, DC – Today, the Future of Privacy Forum (FPF) released Best Practices for Consumer Wearables and Wellness Apps and Devices, a detailed set of guidelines that responsible companies can follow to ensure they provide practical privacy protections for consumer-generated health and wellness data. The document was produced with support from the Robert Wood Johnson Foundation and incorporates input from a wide range of stakeholders including companies, advocates, and regulators.
“Fitness and wellness data from apps and wearables provide significant benefits for users, but it is essential that companies incorporate Fair Information Practice Principles to safeguard this data,” said Jules Polonetsky, FPF’s CEO.
“Overcoming privacy concerns associated with wearable technologies is necessary to ensure their equitable access and use by global populations,” said Derek Yach, Chief Health Officer & Gillian Christie, Health Innovation Analyst, Vitality. “The Future of Privacy Forum’s guidance on consumer wearables and wellness devices showcases these challenges and explicitly outlines best practices for companies engaged in designing and deploying these technologies.”
The Best Practices build on current legal protections and app platform guidelines by providing specific guidance to ensure consumer apps include appropriate privacy protections, as well as developing responsible guidelines for research and other secondary uses of consumer-generated wellness data. The U.S. Department of Health and Human Services (HHS) articulated significant gaps in regulating health information privacy and security in a report released last month. HHS recognized that while technological innovation has advanced at an extraordinary pace in recent years, privacy and security protections of health information have not kept up.[1] The Best Practices released today begin to build norms for such data by making recommendations for privacy practices that:
- Provide consumers choices about the sharing and use of their data;
- Support interoperability with global privacy frameworks and leading app platform standards; and
- Elevate data norms around research, privacy, and security.
“Some data collected from wearables may be relatively trivial, but other data can be highly sensitive,” said Kelsey Finch, Policy Counsel, FPF. “These principles are tailored to provide appropriate protections calibrated to the nature and sensitivity of the data.”
In addition, a new FPF Mobile Apps Study underscores the necessity of strong Best Practices for health and wellness data. The App Study revealed that while the number of apps that provide privacy policies continues its upward trend from our previous surveys in 2011 and 2012, health and fitness apps – which may access sensitive, physiological data collected by sensors on a mobile phone, wearable, or other device – do worse than average at providing privacy policies. Only 70% of top health and fitness apps had a privacy policy (6% lower than overall top apps), and only 61% linked to it from the app platform listing page (10% lower than overall top apps).
The App Study also looked specifically at period tracking and sleep aid apps. Only 63% of period tracking apps provided a link to the privacy policy from the app platform listing page. More disappointingly, only 54% of sleep aid apps provided a link to the privacy policy from the app platform listing page.
“Even though a privacy policy is not the be all and end all for building consumer trust, there is no excuse for failing to provide one – doing so is the baseline standard,” said John Verdi, FPF’s Vice President of Policy. “App platforms have made it easier for developers to provide access to privacy policies. Consumers expect direct access to privacy policies, and users can review them before downloading an app.”
###
The Future of Privacy Forum (FPF) is a Washington, DC-based think tank that seeks to advance responsible data practices. FPF includes an advisory board comprised of leading figures from industry, academia, law, and advocacy groups. Learn more by visiting www.fpf.org.
[1] U.S. Department of Health and Human Services, Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA (July 19, 2016). Available at https://www.healthit.gov/sites/default/files/non-covered_entities_report_june_17_2016.pdf