Home > HK
Saturday, April 16, 2016, 00:21

HK joins global probe into data use by fitness trackers

By Timothy Chui

Hong Kong’s privacy watchdog has joined an international effort to probe the personal data implications of the growing trend of using electronic fitness trackers.

Privacy Commissioner for Personal Data Stephen Wong Kai-yi said the adoption of Internet of Things (IoT) products such as wearables offered exciting choices while generating considerable business opportunities. But it also led to the compilation of an unprecedented amount of personal data.

The probe conducted through the Global Privacy Enforcement Network will coordinate privacy enforcement agencies in 29 countries and regions. The fitness tracker personal data report is due in the third quarter.

“Many IoT devices increasingly include functions such as tracking fitness and health,” Wong said.

“This means more personal data elements are being collected and shared across apps and other devices without the knowledge or consent of consumers,” he added.

Wong said it was important for companies to reveal their personal data policies and practices as well as the type of personal data held and how it could be used.

The fitness tracker market has seen phenomenal growth in recent years with strong sales of Apple Watch and the FitBit. The latter saw global sales double between 2014 and 2015 after trebling during 2013 to 2014 while low-cost options are also widely available via online vendors.

Brand leaders such as FitBit have relatively well-developed legal policies detailing use of personal data. But lower-end models by other manufacturers often lack any consumer information on the retention and use of people’s biometrics.

Chinese University of Hong Kong law professor Stuart Hargreaves welcomed the commissioner’s decision to investigate the privacy implications of wearables. He said that unlike other jurisdictions Hong Kong had no special rules for handling biometric data.

Current personal biometric data laws offer guidelines but are not mandatory. Regular data protection laws require users to be informed on the collection and use of their data.

“The proliferation of many cheap trackers available online means they may be produced by companies with no knowledge of local laws, or who have failed to draft an adequate privacy policy,’’ he said.

“Consumers would be well advised to read carefully the terms of use of any fitness tracker they purchase before allowing it to record their movements 24/7,” Hargreaves said.

He said although the risk of data leakage was low, a greater risk was the acceptance of “trackers” as part of everyday life.

“An employer might, for instance, offer a subsidized insurance plan to employees who agree to wear trackers that prove they walked a certain number of steps each day or slept a certain number of hours,’’ Hargreaves added.

“Providing this was an ‘offer’ rather than a ‘requirement’, it is unlikely it would breach the law. But employees – particularly those lower on the wage scale – might feel almost obliged to accept this intrusive surveillance by their employer in order to access cheaper health insurance,” he explained.

Latest News