Macro Systems Blog
What to Know About Wearable Technology in 2019
Wearables have been available for a while, though the definition of them has changed over the years. Wearables have become much more capable in the past decade, bringing with them a barrage of other problems that need to be addressed; chief among them is how these devices should be regulated, and by whom.
Wearable Technology Has Been a Mixed Bag
When you crunch the numbers, wearables have been an overwhelming success, and they are much appreciated by their consumers. The number of connected devices in the world was a modest 525 million in 2016, but it is expected to jump to 1.1 billion by 2022. It’s estimated that 167 million smartwatches and wristbands will be shipped that same year.
It’s clear that wearable technology is a commercial success, giving those who research and create it more than enough reason to pursue its continued manufacturing, but there are enormous concerns regarding security that need to be addressed.
The Perils of Data
Wearables present security risks that all organizations need to address. One example of wearable devices inadvertently leaking data comes from the heat mapping feature of the Strava fitness application, which accidentally revealed the locations of classified military bases. Wearable devices are also not updated as regularly as other devices, so they could be more likely to contribute to a DDoS attack as part of a botnet or to provide hackers with an unsecured network access point.
It’s also imperative to consider that these devices tend to gather data. In many ways, the data collected by these devices can work to the user’s disadvantage, so users need to consider how the data gathered by any of their devices could be used.
The Regulations that Have Been Put in Place
Any technology that makes a large enough splash will eventually be subject to regulations. Nevertheless, the governing bodies and organizations that would put these regulations in place might not be able to do so at any given time. Here are a few to consider:
The FD&C Act
The Federal Food, Drug, and Cosmetic Act doesn’t have any power over wearables (even medical devices) because they are defined as a “low-risk general wellness product.” Thus, the manufacturer’s intended use of the device is what defines it as a medical device or not, meaning that devices that are put together by wearable manufacturers won’t be classified under this umbrella term according to the FD&C Act’s standards.
HIPAA
The Health Insurance Portability and Accountability Act protects the individual’s right to their health information. HIPAA offers many protections, but it doesn’t specifically cover wearable technology. Wearable manufacturers also aren’t touched by the secondary use of health data, which is the use of personal health information beyond the direct delivery of healthcare. Because all of the data is produced by a consumer and not a covered entity, the secondary use of health data doesn’t apply.
The FTC Act
The Federal Trade Commission can go after organizations that are carrying out deceptive practices, including a failure to comply with a privacy policy. This applies to entities both covered and not covered by HIPAA, and the FTC Act dictates how non-covered entities handle their health information-related security practices. The FTC can also bring legal action against companies that are careless with consumer information, whether through violated privacy rights or a failure to keep proper security measures.
The FTC has made its stance on wearables crystal clear. In 2017, the FTC reported that few companies ever discuss their cross-device tracking practices in their privacy policies. Cross-device tracking can permit multiple devices to be associated with a single user by linking that user’s activities across the devices. Thus, the FTC Act is probably one of the more effective ways of keeping wearable companies accountable for their actions.
What are your thoughts on these devices? Let us know in the comments.