Earlier this week, Sen. Charles Schumer (D-N.Y.) made some headlines by calling out FitBit and other activity trackers as a "privacy nightmare" for collecting user data that “can potentially be sold to third parties, such as employers, insurance providers, and other companies, without the users’ knowledge or consent.” [edited 8/14/14] Activity trackers and some smart watches collect user information such as height, weight, sex, age, location, activities, diet, and sleep patterns. The information is used to analyze activity and keep a history for consumers.
Maybe FitBit wasn't the ideal company to single out, but Schumer correctly stated that there are currently “no federal laws that prevent developers from sharing personal health data with third parties.” He said that the FDA has released health information privacy guidelines on medical apps, but that fitness apps don’t fall under those privacy protections.
We spoke to Julia Horwitz, Consumer Protection Counsel at the Electronic Privacy Information Center, to try to sort out some of these assertions. As to the question of whether fitness-tracker companies can actually sell or share customer data with impunity, she replied that it’s currently a question of interpretation. If a consumer’s data could be used to identify him or her, the data may actually be protected by those FDA guidelines Schumer mentioned. “There is confusion,” she said. “People are looking to federal regulators to help them figure out whether their data is protected.”