
Who Should Regulate Wearables?

Wearable technology, or “wearables”, has been around for decades, technically first becoming popular with Pulsar’s Calculator Wristwatch in the 1970s. Since then, our wearables have become much more capable, accumulating detailed profiles on us as we use them. This raises the question: who is in charge of regulating them?

Wearable Technology Has Been a Successful Mixed Bag

Crunching the numbers, it is clear that wearables as a whole are a successful technology that consumers appreciate. The number of connected devices around the world, which had reached the not-inconsequential amount of 526 million in 2016, is anticipated to exceed 1.1 billion in 2022. That same year, the industry projects the shipment of 167 million units of smartwatches and their wristbands.

Clearly, wearable technology has been a commercial success, so there is no reason to anticipate that manufacturers will slow down on their research and development anytime soon. However, it is also important to note that wearables have introduced several concerns that did not require attention in the past, especially regarding security.

The Dangers of Wearable Data

There is ample evidence that wearables can create significant security concerns in more ways than one might initially anticipate. One only has to look back to the beginning of last year. The heat mapping feature of the Strava fitness application revealed the classified locations of military bases. This was thanks to the activity trackers the soldiers would wear during their workouts. Wearables are also notorious for being updated very infrequently (if ever), which makes them perfect devices to be taken over and used as part of a botnet, or as an easy access point into the rest of an otherwise protected network.

One also has to consider what is being done with the data that these devices collect, and how that data could potentially be used to the possible disadvantage of the consumer.

The Wearable Regulations that Have Been Put in Place (and Which Matter)

Naturally, such a potentially explosive technology ought to be subject to some regulations. However, the governing bodies and organizations typically responsible for imposing these regulations may not be in a position to do so.

The FD&C Act

The Federal Food, Drug, and Cosmetic Act likely has no power to regulate wearables. The Food and Drug Administration doesn’t include wearables in its classifications of medical devices, instead describing them as a “low-risk general wellness product.” Basically, the manufacturer’s intended use of a device is what designates it as a medical device or not. This means that (unless wearable manufacturers make the call) these consumer-focused devices won’t need to meet the FD&C Act’s standards.

HIPAA

Although HIPAA offers some protection, its scope does not effectively cover wearables, as they are classified as non-covered entities. Moreover, the secondary use of health data, meaning the use of personal health information beyond the direct delivery of healthcare, probably does not affect wearable manufacturers. Since a consumer generates all the data and not a covered entity, the secondary use of health data is not applicable.

The FTC Act

This act allows the Federal Trade Commission to go after companies that are carrying out deceptive practices, including a failure to comply with their own privacy policy. It covers entities both covered and not covered by HIPAA. Therefore, the FTC Act serves as the primary federal statute that dictates how non-covered entities handle their health information-related security practices. The FTC itself is also capable of bringing legal action against those organizations that play fast and loose with consumers’ information, whether they have violated privacy rights or failed to maintain security.

Where wearables are concerned, the FTC has already spoken up. In 2017, the FTC reported that very few companies discussed their cross-device tracking practices in their privacy policies. By linking a user’s activities across multiple devices, cross-device tracking enables the association of multiple devices with a single user. This example shows how the FTC Act is currently one of the more effective means of keeping wearable companies responsible.

What do you think about wearables? Are they something you see as needing to be regulated? Share your thoughts in the comments!
