Fitness trackers like Fitbit pose a major privacy and security risk to users, warns a new report from the Centre for Digital Democracy.
Fitness trackers and smart watches, which are sold by companies including Fitbit, Apple, Jawbone, Misfit and Samsung, collect a wide range of personal, physical and health data about users. Companies could sell this information to advertisers, or even to your employer or health insurance provider. Users could suffer consequences ranging from targeted advertising to raised insurance premiums to job discrimination or even identity theft.
On top of which, there’s no evidence that the devices actually improve people’s health.
Treasure trove of data
The wearable devices monitor everything from physical activity to heart rate, sleep, stress levels and calorie consumption. As devices get more advanced, the information they collect becomes more and more valuable to malicious actors.
“Biosensors will routinely be able to capture not only an individual’s heart rate, body temperature, and movement, but also brain activity, moods, and emotions,” the report warns. “These data can, in turn, be combined with personal information from other sources—including health-care providers and drug companies—raising such potential harms as discriminatory profiling, manipulative marketing, and security breaches.”
The companies admit to collecting and analyzing user data — it’s part of the “service” provided — and to sharing it with third-party apps that users sign up for. Those third parties, in turn, may also pass along your data.
The first and most likely place for your data to end up is in the hands of advertisers. Targeted advertising using personal data has become big business in the age of the Internet. But there is also nothing to stop companies from selling your data to your health insurance company, which could use it to calculate increased premiums.
In fact, the list of companies and groups in the market for your private information is nearly endless.
The information collected by these devices “could enable profiling and discrimination—based on ethnicity, age, gender, medical condition, and other information—across a spectrum of fields, such as employment, education, insurance, finance, criminal justice, and social services, affecting not only individuals but also groups and society at large,” the report warns.
Even if a company promises never to share your data, the information could still be compromised by a cyber attack. Databases containing large amounts of diverse information, such as health care records, are now one of the favorite targets of malicious hackers.
“The opportunities for data breaches will increase, with hackers accessing medical and health information at insurance companies, retail chains, and other businesses,” the report says.
Do they even help?
Furthermore, studies now suggest that fitness trackers don’t actually lead to much improvement in exercise behaviors.
One study, published in the journal Lancet Diabetes and Endocrinology, found that people who used a Fitbit Zip for a year did show sustained increases in activity level, but only by an average of 16 minutes a week. This was “probably not enough to generate noticeable improvements in any health outcomes,” the researchers wrote.
It takes very little exercise — about 30 minutes of aerobic exercise three to five times a week — to dramatically improve your health profile. That is, 90 to 150 minutes a week. An extra 16 minutes isn’t enough to make much difference.
The researchers found no evidence that Fitbit wearers were any more likely to lose weight or improve cardiorespiratory fitness or blood pressure.
Another recent study, published in the Journal of the American Medical Association, found that people using wearable devices lose less weight than those using standard weight loss techniques.