Law in the Internet Society

View   r2  >  r1  ...
AmyTangFirstEssay 2 - 06 Dec 2021 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="FirstEssay"
Deleted:
<
<
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.
 

Wearable Data: Will it Improve Your Freedom of Choice or Destroy it?

Line: 37 to 36
 There should be an international watchdog and international treaty with regard to the privacy rules, enforcement and imposition of legal consequences, along with financial penalties to those who do not respect such rules. It can be similar to anti-spam legislation enforcement in certain countries.
Added:
>
>
Improving this draft means making space by removing unnecessary factual recitation. You link to no sources, which gives the reader no way to read them for herself, and requires you to spend valuable space conveying what a couple of sentences well linked would suffice to do. With the resulting space you can then do some real analysis. The chances of the global treaty on fitness data you call for are precisely mathematically zero, which is also the level of government enthusiasm. You don't actually discuss the legal effect of GDPR or HIPAA, or for that matter CCPA, or show why they are ill-adapted to the purposes you haven't precisely defined. You have said nothing about the actual technology, though it is self-evidently possible to make the sensor array attached to the body store its data not with a platform, but in personal storage, and to build analytic models that run not in the platform's cloud, but on user-controlled computers, shielding all individual data not intentionally contributed to the model from disclosure to anyone. Progress along these three axes—to provide technical analysis, to make specific the legal analysis and to make realistic the political discussion—would produce an outstanding essay.

 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

AmyTangFirstEssay 1 - 23 Oct 2021 - Main.AmyTang
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="FirstEssay"
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.

Wearable Data: Will it Improve Your Freedom of Choice or Destroy it?

-- By AmyTang - 23 Oct 2021

Introduction

Information is valuable because it plays a vital role in our day-today decision-making and behaviour. The logical deduction to this mantra is that the more information we have, the better our chances are to make informed decisions. This is why the arrival of revolutionary technology which allows us to track the most basic but intimate information such as our health and fitness data, and to access real time monitoring and health care resources, was life-changing for many, because it gave us tools to measure and quality our physiological state without having to consult physicians and third-parties. The arrival of this new revolutionary technology does not come without its cons, the main one being the serious threat to violating our privacy.

This paper suggests that there are ways to benefit from this new technology without striping away our freedom by violating our privacy, and calls for systematic reform of the way we treat the sensitive health data, akin to medical data.

Privacy Issues

Despite their benefits, these fitness tracking technology and app companies lack transparency with regard to what they do to the data accumulated from consumers. By purchasing the new Fitbit or Garmin smartwatch, consumers are willingly signing away their privacy rights to these companies who harvest data for ulterior motive and purposes. In a study titled “Mobile health and privacy: cross sectional study” by the Macquarie University, researchers found a serious problem with regard to privacy in mobile health applications, stating that numerous app data was being collected and shared in an unauthorised manner. The study shows that 87.5% of the health apps’ data collection was related to third party services, where 55.8% of detected transmission of data was toward third party servers. Further, only 34.0% of health apps showed full compliance while 49.0% showed no compliance either because a privacy policy was not present or all the user data transmissions violated the privacy policy. In light of the study results, it is fully understandable that consumers have a distrust of these companies.

It is clear that even if these companies provide users with a privacy policy, the drafting and crafting of these documents are purposely elusive, vague and misleading. Even if policies exist, there are currently no easily available legal recourses or watchdogs to ensure that they are enforced, therefore resulting in 49% of apps being non-compliant.

Further, there may be violations of privacy by third parties, such as hackers and legal obligations such as subpoenas targeting the companies that operate the health trackers and app. The breach of privacy concerning UnderArmour? ’s MyFitnessPal? in 2018 is a great example to the vulnerability of these companies. The hack caused the divulgation of the usernames, passwords, and email addresses of more than 150 million users.

Industry giants such as Fitbit also admit to selling anonymized data to marketers and researchers. Some insurance companies even offer the option to their insured to sync and submit their fitness and wearable data to allow for premium adjustments. The data collected are akin to medical data, as one could predict numerous health issues and based on statistics and actuary calculations.

Although anonymized, with enough congregate information and geolocation data, it is possible to determine the identity of a person. In fact, six days of “step counts” may be enough to identify an individual among 100 million others and may reveal sensitive information such as an user’s address and routine. Consequences of leaking and divulging data are often unpredictable. For example, Strava accidentally pinpointed to the location and outline of secret US military bases, as military personnel were using fitness trackers. Aggregating and divulging such sensitive information becomes a gold mine for marketers, and even for the black market. Criminals will have the possibility of accessing a person’s routine by a few clicks on the dark web.

This begs the question: by purchasing these products, did users implicitly consent to share their intimate information? What are some rules businesses and legislature should implement and enforce to avoid the catastrophic consequences of revealing sensitive health and wearable data? The benefits of the fitness and health tracking technologies are non-negligeable and could be entirely advantageous to society. For example, they provide a sense of community, improve general well-being and allow for better decision-making with regard to one’s health, eating habits, working out habits, athletic performance and much more. It can even allow for crime solving, if the data is being divulged responsibly and lands in good hands.

Solutions

To benefit from fitness and health tracking technologies, a systematic reform is necessary. The European Union General Data Protection Regulation and the US Health Insurance Portability and Accountability Act provide good ideas and baseline of privacy protection. However, their application and enforceability stop at their respective jurisdictions.

On the business side, changes in the business models of companies gathering fitness data and how they protect the data will be required. For example, encryption of data should be common practice in the industry. However, businesses won’t voluntarily spend money and lose a source of revenue to make these changes without having exterior pressure, such as legislature forcing them to take action.

Policy changes are also called for to force these businesses to consider ethics, data privacy and anti-discrimination with regard to the data they collect.

There should be an international watchdog and international treaty with regard to the privacy rules, enforcement and imposition of legal consequences, along with financial penalties to those who do not respect such rules. It can be similar to anti-spam legislation enforcement in certain countries.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Revision 2r2 - 06 Dec 2021 - 13:02:24 - EbenMoglen
Revision 1r1 - 23 Oct 2021 - 03:56:26 - AmyTang
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM