Last week, the Consumer Electronics Association (“CEA”) announced its Guiding Principles on the Privacy and Security of Personal Wellness Data, a set of baseline, voluntary guidelines for private-sector organizations that handle the type of data often produced by wearable technologies. The Guiding Principles are categorized into eight areas and generally include the following recommendations:
- Security. Robust security measures are the foundation of good data management. While consumers have access to many tools that allow them to secure their data, companies must do their part to secure personal wellness data from the outset.
- Policy and Practice. Consumers need to understand how personal wellness data is handled to be comfortable using health-related devices and services.
- Concise Notice. Consumers may be unable to understand lengthy privacy policies, which would impede their ability to understand how personal wellness data is collected and used.
- Unaffiliated Third Party Transfers. Consumers seek transparency about and sometimes want to control personal wellness data transfers among companies.
- Fairness. Personal wellness data collected from Internet of Things devices, combined with new data analytics, can provide many consumer benefits. However, companies need to guard against the possibility that data analytics could unintentionally create unjust or prejudicial outcomes for consumers. This principle is inspired by existing U.S. federal anti-discrimination laws and guards against unfairness throughout a product’s lifecycle.
- Personal Data Review, Correction, and Deletion. Consumers wish to manage personal wellness data carefully. The ability to review, correct, or delete personal wellness data permits consumers to guard against inaccuracies or dissemination of the data beyond their control.
- Advertising Communications. Advertising is a useful tool that facilitates communication between companies and consumers. However, consumers want to control how personal wellness data is used for that communication.
- Law Enforcement Response. Consumers and companies alike are concerned about government access to personal wellness data. While companies must comply with legal process, they can be transparent with consumers about when and how they respond to lawful requests for data.
Recognizing that both technologies and consumer preferences evolve over time, the Guiding Principles allow flexibility in implementation according to a company’s unique products and offerings. Additionally, CEA encourages companies to maintain an “ongoing dialog with consumers” in order to understand the value of health and fitness technologies and their accompanying privacy options, along with any consumer sensitivities regarding the use of wellness data.