In the 2013 end of year round-ups “Wearable Technology” was internationally feted as a hot technology in 2014.
Indeed the noise coming out of the Consumer Electronics Show (CES) in January, was almost universally about wearables. Including, in a lot of cases how unwearable many of them are.
At the end of London Fashion Week, we thought it would be a good moment to muse on what happens when fashion and technology collide. What wearable technology we’ve seen and are interested by and of course a couple of thoughts on how the law intersects with wearable technology, specifically, what are the Data Protection Act issues in wearable tech and/or the privacy issues in wearable tech.
Wearable technology is hugely diverse, encompassing familiar accessories such as Fitbit or Nikefuel Band to things as diverse as Google Glass, and CuteCircuit’s Twitter dress. The IP issues in wearable tech are still emerging but the data protection act and privacy issues are likely to be more controversial. One legal issue that all of these wearable technologies have in common is the potential to turn us all into data controllers. Are we all data controllers now?
In the United Kingdom, the Data Protection Act requires that all data controllers must be registered with the Information Commissioner’s Office. A data controller must process or arrange to process personal data lawfully, fairly, and proportionately. Is one Data Protection Act issue in wearable tech that it makes us all data controllers?
In legal terms a data controller is a person who determines the purposes and the manner in which personal data is processed. Personal data is information about a living individual that, by itself, or in combination with other data held by the data controller, can identify that individual, including names, ages etc. In a special class is “sensitive personal data” which includes information about an individual’s health, sexual orientation, and religious preferences.
Right now, you are probably thinking, “okay I can see that there might be privacy issues with wearable tech, or even IP issues with wearable tech, but there is no way that I am ever going to be a data controller just through the data I collect using wearables”, but imagine.
You are wearing Google Glass. You are walking around a city. You are recording video as you walk around. An application on Glass can identify people that you pass, comparing their faces to those on their Google + profile. You are collecting their location, maybe you are behind a person at the pharmacy counter, you see their prescription. The sensitive personal data relating to that individual’s identity and health information is captured and recorded, by you.
In another scenario you are wearing Fuelband (or Fitbit or equivalent – take your pick!) the band is recording your day to day activity from your daily run to a(n occasional) Friday night blow out.
All this personal data, particularly in combination with other data, can be used to track and identify you (and other people).
A lot of the personal data (and sensitive personal data) wearables will collect is about the individual wearing the device, creating only limited privacy issues from wearable technology. However, there is no reason to think that you will only ever collect data about yourself. If you have an elderly relative you might want them to wear a bracelet (for example, Cuff) which connects to your phone and provides you with their personal data (even sensitive personal data), for example, whether that individual had taken a regular medication or missed a regular appointment.
Who is choosing the purpose and manner of collection? This is likely to be an important question in relation to where the data protection and privacy issues in wearable tech lie, for example, do you collect the data through Google Glass or is it collected by Google? (The answer can be both). Under the Data Protection Act If you are choosing the purpose and manner to collect and process the data it would appear that you are the data controller.
Wearable technology is still and emergent technology and so, unsurprisingly the IP issues, Data Protection Act, and privacy issues are still emerging from it. There is no guidance on this yet from the Information Commissioner. We will keep our eyes, and smart phones, on this and will blog again as the matter evolves.
In the meantime, here’s my five items of wearable technology I would rather like to wear:
If you have a query regarding wearable tech, you can contact us for a free initial chat at 020 7234 0200.
Data breaches: Is personal data held in your systems secure?
European Commission launches process on personal data flows to UK
In these working from home days, where weekdays seem to blend into weekends which melt into weekdays again, most of us don’t have the luxury of offices at home. Space is at a premium. Desks or dining room tables are shared. Papers are strewn across the floor. We…
The Court of Appeal has held that an individual can claim for compensation under section 13 of the Data Protection Act 1998 where a breach of the DPA results in a “loss or diminution of a right to control” their personal data. A claim of compensation would not require the…