In the United States, medical devices have strong privacy protections written into law. But fitness trackers are, pretty much by design, not medical devices. Therefore, U.S. Senator Chuck Schumer pointed out yesterday, it’s possible that fitness data can be licensed to third parties without the customer knowing it. Schumer (D-NY) yesterday called on the Federal Trade Commission to issue regulations giving consumers the right to opt out before their data is sold.
As far as we know, those privacy guarantees are written into existing terms and conditions. Certainly they are for Fitbit, which was explicitly called out by Schumer. But it’s true — no one reads T-and-Cs, and it’s unlikely that the omission of a privacy guarantee would be noticed. And it’s way easier to modify a T-and-C after the fact (say, when your business model changes) than it would be to circumvent federal regulations.
It’s unfortunate that Schumer singled out Fitbit, which is a popular brand but definitively not an offender. And the snippets that showed on the news made it sound like Schumer was surprised that fitness trackers were actually gathering fitness information. (We wrote a brilliantly snarky post about that, which unfortunately did not fit the facts and will sadly remain unpublished.) But his actual point is good: private data should remain private.