AFTER PUSH BY SCHUMER, FITBIT ANNOUNCES NEW PRIVACY POLICIES AIMED AT PROTECTING PERSONAL HEALTH DATA – WILL NEVER SELL PERSONAL INFORMATION; SCHUMER URGES OTHER FITNESS TRACKING COMPANIES TO FOLLOW FITBIT'S LEAD
Earlier This Month, Schumer Revealed Many Fitness Bracelets Are Tracking
User’s Movements & Health Data; Presently, No Federal Privacy
Law Prevents Companies From Selling a User’s Personal Health Data
to Third Parties
Schumer Praises Fitbit Privacy Policy; New Policy States Company Will
Never Sell Personal Data That Identifies an Individual – Company
Will Only Share Data When Customers Opt-In
Schumer Urges All Other Fitness Tracking Device Companies to Adopt Similar
Privacy Polices as Fitbit, Continues to Urge FTC to Act
After his push, U.S. Senator Charles E. Schumer said that Fitbit has announced a new privacy policy to help protect the personal data of users. Earlier this month, Schumer revealed that personal health and fitness data – so rich that an individual can be identified by their gait – is being gathered and stored by fitness bracelets and can potentially be sold to third parties, like employers, insurance providers and other companies, without the users’ knowledge or consent. Schumer said that this creates a privacy nightmare, given that these fitness trackers gather highly personal information on steps per day, sleep patterns, calories burned, and GPS locations. Users often input private health information like blood pressure, weight and more. The data is then uploaded for analysis and feedback for the user. There are currently no federal protections to prevent those developers from then selling that data to a third party without the wearer’s consent. Schumer today praised Fitbit’s new privacy policy which now clearly states that they will never sell personal data that identifies an individual. Fitbit will only share data when it is (1) legally necessary or (2) when the data is de-identified and aggregated, or (3) when the user opts-in and directs the company to share data.
Schumer ommended Fitbit for revising its privacy policy and urged the dozens of other fitness tracking companies to follow its lead.
"We are very glad that Fitbit is doing exactly the right thing. They will not sell personal information to third parties and will share it only when legally necessary or when the customer has opted-in – this is the best possible solution. Fitbit customers can breathe a sigh of relief and should be aware that this company cares very much about their privacy and their security. We are urging all other fitness tracking companies to follow Fitbit’s lead and adopt similar privacy policies," said Schumer.
Currently, there are no federal laws that prevent developers from sharing personal health data with third parties. The FTC has openly voiced its concern about the selling of personal fitness data between companies, but has yet to take action to push application developers and other fitness monitoring companies to provide an opt-out opportunity. In September 2013, the FDA released guidelines on mobile medical applications to address privacy concerns. Unfortunately, there is a loophole in these guidelines as they only apply to apps that are promoted for medical purposes, such as the diagnosis, cure, treatment or prevention of a disease. Without a secure privacy policy or protection from HIPAA, users’ health information obtained via these trackers could be sold to insurers, mortgage lenders, or employers.
Earlier this month, Schumer called on the FTC to help fitness devices and app companies adopt new privacy measures. Schumer said again today that the FTC should help ensure that companies clearly explain to users how their data is being used and allow consumers to opt-out of data sharing. Schumer said such a policy would better protect consumers because companies would not be allowed to sell information about individual identities to third parties without their consent.