The Advent of Wearable Technology and Accompanying Privacy and Data Protection Challenges

Are You Wearing Information Technology?

With the exponential rise in smart devices in recent years, the powerful combination of computing technology and internet connectivity has shifted from our offices and homes to our bags and pockets. Monolithic computers that once sat on our desks are being replaced by laptops, smartphones and tablets.

Experts are predicting that another shift is on the horizon, to wearable technology, i.e., devices worn on the body, or even inside the body. This is seen as part of a move towards pervasive or “ubiquitous” computing — the idea that computing technology and the internet will be accessible anywhere at anytime as an integrated part of our environment.

Wearable technology is not an entirely new concept — for example, these new devices hark back to the calculator wristwatches of the 1980s. But what is new is their greater functionality and computing power, combined in many cases with internet connectivity and cloud computing. Wearable technologies often operate in partnership with a smartphone — acting as the internet hub for the device — which, on the one hand, allows a multitude of different uses, but, on the flipside, gives rise to a number of data protection challenges, which are discussed later in this first part of our three-part Special Report on various aspects of wearable technology and privacy issues.

Types of Wearable Technology

The recent release of Google Glass has generated a huge amount of buzz amongst developers, technology enthusiasts and related media. These prototype smart glasses can take videos or photos and project information from the internet into the right eye of the wearer via a tiny display.

Yet there are a number of other different types of wearable technology already in the market, including:

• Wearable cameras: Devices such as the newly launched Autographer camera enable users to “lifelog” by capturing images constantly throughout the day.

• Fitness and health monitoring devices: There is a rapidly growing market for devices such as Fitbit, Nike+ and Jawbone UP, which monitor the fitness levels or health of the individual wearing the device. These devices pair with the user’s smartphone apps to track the wearer’s activities and movement to build a picture of his/her fitness levels and encourage him/her to improve. Some of these types of devices can also monitor and analyse the individual’s calorie intake and the amount and quality of his/her sleep. Most of these devices are worn as wristbands or clip-on devices, and the data is transmitted from the sensors to smartphones or computers and onto the device makers’ central servers. The data can also be shared with the wearer’s online social networks. These gadgets may also have GPS functionality and, if so, can capture huge amounts of data about an individual’s location, as well as his/her activities and health, which may then be stored in the cloud.
• Medical devices: Another developing type of wearable technology is the medical devices category, which is discussed in greater detail in the third part of this Special Report, “Wearable Medical Devices and Concerns about Personal Data Protection”.

• Smart clothing: There are a few types of smart clothing already in the market. For example, a “smart shirt” refers to a shirt that is made from a fabric that allows the remote monitoring of vital signs of the wearer, such as heart rate and temperature. This type of technology enables information from the shirt to be stored locally or sent to the wearer’s doctor or personal server via a wireless or cellular network. Uses of this type of wearable technology include health monitoring of the elderly or unwell, sports training, monitoring pilot fatigue or monitoring personnel handling hazardous material.

• Smart watches: These devices are computerised wristwatches that have enhanced functionality beyond just timekeeping. Many run mobile apps, some run on mobile operating systems and a few have full mobile phone capability. Smart watches may communicate with a wireless headset or other device. The current features of these devices include camera functionality, GPS navigation, email, text and social media notifications, mobile media functionality and synching with fitness devices.

Wearable technology is generally still at an “early adopter” stage in terms of public and commercial use. For example, Google Glass was only recently released to a limited number of developers and enthusiasts and is rumoured for general release at the end of 2013 or in early 2014. However, concerns are already being voiced about the privacy implications of this technology category.

Smart Glasses and Privacy Concerns

Smart glass technology is probably the most publicised form of wearable technology, thanks to the recent release of Google Glass, a device which has divided technology enthusiasts and privacy campaigners. Google Glass and similar devices enable the wearer to take photos, shoot video and record conversations of anyone near the wearer, upload the content to the cloud and, potentially, share that data with anyone via the internet (e.g., via email or social media).

By their very design, smart glasses and wearable cameras can capture a great deal of personal data about the wearer and individuals in the vicinity of the wearer, and can potentially record images and sound in a covert way. Individuals unfamiliar with the particular device may not be aware that they are being captured and therefore have no chance to regulate their behaviour (e.g., by moving out of range of the device). Even if members of the public are aware of a device and its functionality, they may not be able to avoid being captured. Privacy campaigners (such as the Stop the Cyborgs movement) have criticised this aspect of the technology, highlighting that surreptitious footage and sound recordings can be uploaded to the cloud and used and distributed without the subjects’ knowledge or consent.

Surreptitious recordings are already possible using smartphones and tablets, but the privacy issue is seen as one of scale: for although ubiquitous, smart devices are relatively easy to spot, whereas smart glasses and wearable cameras are worn in the same position in record or non-record mode. We may also be caught on CCTV many times a day, but CCTV cameras are fixed at a certain height and do not usually record sound, whereas wearable devices move with the wearer and are potentially more covert.

Such privacy fears have led some cafes and other businesses in the United States to ban Google Glass — even before the devices are generally available — from their premises, in a similar way that swimming pools, nurseries and others have banned smartphone use in the United Kingdom in order to protect children.

Looking to the Future

Potential future developments in wearable technology seem unlikely to dampen privacy concerns. On the contrary, such concerns are likely to deepen when, for example, smart glass technology becomes modular and can be attached to prescription glasses — and therefore become harder to spot — or even be inserted directly onto the eyeball as contact lenses.

It remains to be seen whether businesses seize on smart glasses as another means of monitoring their premises, but this subcategory of wearable technology may be an attractive prospect. For example, security guards wearing smart glasses while patrolling grounds could share footage of any intruders in real time without having to wait to trawl through hours of CCTV tape. However, the use of wearable devices by businesses for surveillance and other purposes (such as marketing) is likely to trigger privacy concerns in the same way that Google Glass has in respect of personal, non-commercial use.

The Wearer’s Personal Data

As well as privacy issues in relation to the general public, personal data about the wearer of such devices gives rise to other data protection issues. As mentioned above, certain health and fitness gadgets can capture a huge amount of personal data over time via GPS location functionality. This personal data may then be uploaded into the cloud, analysed by the technology provider and shared with others, such as the wearer’s employer or insurance provider, for instance.

Applying the Law

Applying current data protection law to the development of wearable technologies will raise some challenges. Although the law exempts from its scope the processing of personal data for personal domestic, household and recreational uses, people will need to understand how to use these tools responsibly and with sensitivity to others. As data subjects, they will also need to understand who will access information from the device about them and others and how it will be used. Other adopters, including commercial users and public authorities, will need to ensure their activities comply with applicable law.

Developers will have to design wearable technologies and applications with privacy rights in mind. This may include incorporating clear and transparent tools, privacy friendly information, and user interfaces by which informed choices can be made and consent to processing — where required — can be easily obtained.

These technologies obviously have the ability to generate significant quantities of data. Manufacturers will therefore need to focus on ensuring that any personal data collection is limited to what is appropriate to the function of the device, and that this is within the reasonable expectations of users. Additionally, personal data of users must not be collected and used in ways that go beyond the main purpose of the device without their specific agreement.

Importantly, data security controls will need to be a key feature of these devices. This will include ensuring that devices and applications are not vulnerable to malware or attack and that controls exist to authenticate users and prevent unauthorised access to the device. Safeguarding collected personal data will also be a critical issue for the back-end hosting environments where large repositories of data from these devices will inevitably be stored.

Privacy measures should be designed into wearable technology at the outset, rather than developing expensive “bolt-on” measures in response to privacy concerns post-release.

Outlook

It’s important to remember that, although wearable technology may very well be the “next big thing”, this outcome is by no means certain. Some of the privacy issues outlined above are, therefore, theoretical, and may remain that way if this development does not become as popular as many predict.

However, as the technology becomes more prevalent in the near term, social norms — as well as common sense and sensitivity to others — are likely to help regulate the use of certain wearable technology such as smart glasses until the (notoriously slow) law catches up. For example, “Google Glass etiquette” is a hotly debated topic in digital media. The intensity of this debate underlines the importance of the privacy issues — theoretical or real — raised by this and other wearable technologies.

Louise Taylor is a Senior Associate and Sally Annereau is a Data Protection Analyst with Taylor Wessing LLP, London. They may be contacted at l.taylor@taylorwessing.com and s.annereau@taylorwessing.com.