Buying and Selling Your Personal Health Data – TFHT 13

The Article

I am sometimes a health nut. You know the type: when I want to get in shape I keep logs, map my runs, record my reps, and look at the data. I moved in the direction of better health almost a decade ago, right around the advent of the smartphone, and probably a year or two before the creation of the famous FitBit.

My first smartphone was the Casio Commando, and I loved the built-in ‘activity apps’ that included a pedometer. I turned that thing on to log the steps that I took over the day, and at the end of each day I actually wrote down the number in my paper log books (Yes, I am THAT much of a geek!). You would think that since the proliferation of the wearable health-tracker market is finally holding steady I would be all over that field…but I am not.

I looked into getting a health tracker because I am certainly interested in the data these devices can collect. I am interested in the number of steps I take in a day, I am interested in heartbeats, and some of the more sophisticated versions are capable of measuring some sleep patterns. But I am not interested in all of this data being stored on a company's server, for several reasons.

First, let's look at the claim of storing the data, then we will talk about why this is a problem. I researched all of the fitness trackers and found that all of them required an online account to use the device, without exception. Garmin, FitBit, Misfit, Up, and the rest all require access to their app in order to use or view the data, but all of those apps sync the data to the company server, and with that they collect a lot of personal data. If you read the FitBit privacy policy, for example, you will see they collect:

  • Device Information
  • Height
  • Weight
  • Steps
  • IP Address
  • Precise and approximate location
  • Friends' email addresses
  • Your email address
  • Date of birth
  • Food logs
  • Physical address
  • Name, profile picture, and friends lists of social media accounts

This is a terrifying list of data that one company collects on its company servers, but they are not alone in their data collection.  All of the companies are collecting and storing data about you, your device, and your exercise.  Is that really so bad?

The first major problem with this data, and possibly the second most nefarious, is that hackers like to gather data on anyone. The devices themselves are not terribly secure, but a hacker would need to get close to you in order to hack your device, whereas all of the information about you is stored in the cloud. Companies are not always as stringent with cyber security as they should be, and the hack at Target should be a constant, sobering reminder that companies do not always secure their servers. So are all of these fairly small and new startup health tracking companies properly securing their servers? That is yet to be known, but currently black market health data about people is more valuable than any other type of data, including financial records. So all of this data stored on a company server is a potential hacking and identity theft risk.

Even if the company servers are totally secure, another risk presents itself: corporate buyouts. Companies that become large enough are constantly buying and selling company assets. This means that though these companies will generally have privacy policies that preclude your data from being handed to a third party, if the company itself is sold to a third party then the data goes with it. I can think of a few industries that would love to purchase a collection of 10 million or more users' health data, properly verified and including exercise, food logs, sleep patterns, friends, and social media collections. What industry would possibly like that information? Healthcare and insurance industries. The data found in actuarial tables is based on general population trends and it is already fairly accurate, but with the amount of information that is available in these health tracking apps, these industries will be able to fine-tune their view of health conditions like advertisers fine-tune marketing. I think this is so beyond dangerous that I would never willingly hand this type of data over to any company server. That is the largest risk of all.

What are we to do? Go offline! It is possible to track information the old way, or at least without the use of online databases. Some newer watches have pedometers built in, and the data can be collected the way I used to record the data from my smartphone, old-school. We can also use old-fashioned watches and timers for running or other exercise tracking. What I do for my runs, to split the middle, is use a cheap $20 pre-paid Android phone that I purchased and never activated. I created a Gmail account just for it and downloaded some apps that can track GPS, time, distance, etc. for running, but they are not linked back to my regular smartphones. I can extract that data into my logs to do my geeky health tracking without agreeing to share that data on a corporate server.
