#CyberFLASH: Privacy watchdog takes part in global probe of connected devices

1297658073661_ORIGINALCanada’s federal privacy watchdog is participating in a global initiative that’s raising red flags about connected devices – everything from “smart” TVs to fitness-tracking wristbands and Internet-connected toys – and their failure to provide users with control over the personal information those gadgets collect.

The Office of the Privacy Commissioner of Canada (OPC) took part in the global “privacy sweep” in April, and is now releasing the results. The sweep involved 25 privacy authorities . It looked at 314 connected devices – often collectively referred to as the “Internet of Things” – and how they communicate their privacy practices. Canada’s focus was on 21 health and wellness devices that are popular among Canadians, including fitness trackers, smart watches, smart scales and blood pressure monitors.

They found that connected devices “fail to inform users about exactly what personal information is being collected and how it will be used” – including sensitive data such as health and financial information.

The OPC says that the concept of “the body as information” is a major focus, as health, genetic and biometric information is being tracked more than ever. During the sweep, staff used connected products and analyzed what information those devices asked for – and what privacy collection and protection information they provided to users. Nearly half of Canadian “sweepers” – OPC staff who tested the devices – and more than three-quarters of international sweepers were unable to find basic instructions on how to delete their data once they had begun using the devices.

The Global Privacy Enforcement Network, now in its fourth year, is a joint effort among privacy organizations in many countries, including the United States, Britain , members of the European Union and China, and has conducted such privacy sweeps before. By acting in tandem, the group is attempting to add global heft to major privacy concerns.

Read more here

#CyberFLASH: Privacy Commissioner Targets IoT Health Devices in Sweep

image-4

What rumours is your fitness tracker spreading about you? In its latest Internet of Things themed sweep, the Office of the Privacy Commissioner of Canada reviews what personal information is being collected about Canadians by “smart” health and fitness devices.

Many of us will remember Time Magazine’s audaciously titled September 2013 issue, which splashed the following headline across its cover page: “Can Google Solve Death?”

At the time, there were more than a few skeptics who might have dismissed Google’s investment in Calico, a biotech subsidiary, as another moonshot investment by the tech giant or as part of a long-term expansion strategy.

Fast-forward less than three years. Regulators continue to play catch-up with the burgeoning industry at the intersection of data analytics and user-generated personal health data. The ballooning number of connected devices that make up the so-called internet of things (“IoT”) has accelerated in scale at a heart-clutching rate. The Office of the Privacy Commissioner of Canada (“OPC”) quoting estimates that, by 2020, there will be between 20 and 30 billion connected devices.[1] While devices that generate data specific to the function and use of the human body represent a subset of these devices, it is hard to deny the growth in the sophistication and potential use (and misuse) of the datasets generated from users’ health and biometric data.

Connected health technology has come a long way since the days of telephonic medical alert systems infamously portrayed in infomercials featuring “help, I’ve fallen” pushbutton necklaces. While application driven smart-phones, watches and fitness wearables are top of mind, the healthcare industry has adopted a range of smart devices that quietly gather and amass a steady stream of data about their users: baby monitors, respiratory and glucose meters, scales, pillboxes, thermometers, contact lenses, heart-monitors, and even band-aids are but a few of the previously inert devices that have become IoT-enabled. For individual consumers, health practitioners, and public health officials, there are extremely compelling use cases to prevent regulatory authorities from stifling the innovation in this sector. For individual patients and clinicians, the devices open what was previously a black-box allowing insight into the lives of individuals outside a clinical setting. The data gathered will enable the healthcare industry to open new service lines focusing on early detection and intervention as well as ongoing health monitoring. Similarly, public health authorities can benefit from large-N data-mining that could potentially offer new insights into determinants of disease, healthy aging processes, and general population wellness.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.