Wearable technology – the future of privacy

By Andrew Paterson, Senior Technology Officer

UPDATE, 01/07/2014: Our consultation on updating our CCTV Code of Practice has now ended. We are currently considering the responses received with a view to publishing an updated version of our guidance later in the year.

Not so long ago, the collection of personal information by body worn devices was limited to trials in specific police forces, and others that could afford the specialist equipment. However, recent progress in hardware means that wearable technology may well become as common as mobile phones, as more and more technology companies start bringing out new devices that use personal information to make your life that little bit easier.

wearable-technologyIf you’re one of the more than one million people in the UK who go running each week you may already be familiar with the range of smart bands that can track useful information, such as heart rate, running speed and location, all using something no bigger than a standard watch. All of this can help you improve your times, find out how many calories you burn off and plan your next route.

This is uncontroversial if the device simply creates the data and lets you view it on, say, a computer at home. However, further functions might involve wider sharing of your personal data, for instance, checking how your performance has improved compared to others. Some functions, such as plotting your route on a map after your run, might be more efficiently performed using an online service, even though it might not be strictly necessary to do this.

This week we saw the UK launch of Google Glass, one of several products that are set to take this processing of personal information to the next level. As this technology develops, people will understandably have reservations about the increasing amounts of personal information that these products are capable of collecting and transmitting. The main issue in the media so far has been whether people have been given adequate notice that they might be filmed. For instance, media reports in the US have recently focused on how some bar owners in San Francisco have already banned Google Glass from their premises due to customers’ concerns over being filmed without their knowledge. Companies in the UK will now be considering their own response.

There is an important debate to be had around the privacy implications of wearable technology and it will ultimately be for society to decide how comfortable they are with wearables. However like any new technology, wearables must operate in compliance with the law. In the UK, this means making sure that these devices operate in line with the requirements of the UK Data Protection Act.

If you are using a wearable technology for your own use then you are unlikely to be breaching the Act. This is because the Act includes an exemption for the collection of personal information for domestic purposes. But if you were to one day decide that you’d like to start using this information for other purposes outside of your personal use, for example to support a local campaign or to start a business, then this exemption would no longer apply.

This is not the case for organisations, whose use of wearable technology to process personal information will almost always be covered the Act. This means that they must process the information collected by these devices in compliance with the legislation. This includes making sure that people are being informed about how their details are being collected and used, only collecting information that is relevant, adequate and not excessive and ensuring that any information that needs to be collected is kept securely and deleted once it is no longer required.

If the wearable technology is able to capture video or pictures then organisations must address the issues raised in our CCTV Code of Practice. An update to the code went out for consultation recently. There is also useful guidance on the Surveillance Camera Commissioner’s website that will have direct relevance to the use of wearables containing cameras.

The rise of wearable technology brings exciting new possibilities and is set to become widespread in the years ahead. But organisations must not lose sight of the fact that wearables must still operate in compliance with the law and consumers’ personal information must be looked after.

a-patersonAndrew Paterson became Senior Technology Officer at the ICO in November 2012. His main areas of work are advising colleagues on information security aspects of complaints and data breach investigations, and research on how new developments in technology might impact information rights.

Last updated 01/07/2014 17:00

This entry was posted in Andrew Paterson and tagged , , , , , , , , , , , , . Bookmark the permalink.

16 Responses to Wearable technology – the future of privacy

  1. Much of the data collected via wearables is stored remotely from the device – we know that Glass content is stored on Google servers, and can then be used by them in all sorts of unknown ways.

    However, wearers have to activate the device, for example to take a photo. What are the potential differences in Controller/Processor/Data Subject roles played by (in this example), Google, the wearer and other people in the general ‘detection’ range of the device? I suspect these will be key questions for professionals in this area.

    • Mark cooper says:

      100 % Agree Richard,

      Google is notorious for misusing user data. We have already seen this in Google analytics and android. Google Glass will surely raise some serious security concerns all over the world!

      Mark

  2. mikemastersid says:

    So glad that you took the time to remind the public what is allowed and what is not (seriously, the hype overrides common sense or even the law all to often).
    Spying on us should only be allowed for our ever so trustworthy governments globally, and of course all the many kind and well meaning large corporations from supermarkets to music ‘shops’ (sarcasm intended).

    Can’t wait for the day when I can talk to a spy glass wearer in the wild. Already the first headlines for the red tops jump to mind: “Google Glass wearer punched in the face because he refused to take his spectacles off. NHS can’t cope with increase of broken noses.”

  3. Very interesting read.

    @Andrew, I would love to meet you and discuss the practicalities of getting data from Google having recently asked them and been told as they operate outside of the UK they don’t have to comply with the act.Is this true?

    As for data collection, constantly recording what someone sees would require an immense amount of bandwidth so I’m not sure that this would happen without the wearers consent. Taking a picture or video in my view isn’ that much different to me holding my iPhone. If I see someone wearing Glass then I would be aware that they could be videoing me – this sadly isn’t true for local authorities where I have no idea what or how they video me or use that data so I definitely think reform is needed.

    The thing I’ve found most interesting is the lack of a light, to me this makes it hard for someone else to tell if they are on (as they turn off a lot to power save), whether a video is being made or a photo taken – again perhaps something like this may help!

    I wonder if in the future if Glass users will have to wear a t-shirt that says “Smile you’re on camera”.

  4. RobStevens says:

    I just don’t understand how difficult it is for people to understand that a public place is just that – public. If someone takes a picture of me on a street there is nothing I can say or do about it. Nor should whine like a little B if it happens. Really people need to get off the bandwagon of “I want my privacy” just to make themselves sound “mysterious” to make themselves actually sound important. If you really are worried about pictures or even video of you in public then are doing something wrong. Plain and simple.

    Do I really care what music is tracked by Google or how often I order porn on the internet. NO! I am not so stupid as to think that is really going to hurt me.

  5. Jay says:

    Google = NSA

  6. Tim Turner says:

    It’s interesting that the Information Commissioner’s description of ‘personal use’ is so broad. Since 2003, the ICO has largely avoided thinking about the implications of a European Court decision (Lindqvist) which supports the idea that publishing personal data on the internet cannot be viewed as purely domestic. If a Google Glass wearer films the inside of a changing room or a public toilet and then uploads it to YouTube, will the ICO really argue that this is just ‘personal use’?

  7. HF says:

    Google Glasses are not the only wearable devices we should be concerned with. How about the likes of Fitbit, Nike+ which collect and process personal health data? Will the manufacturers and complementary 3rd party apps also be subject to the UK’s data protection laws?

  8. Its reasonable to assume from past events and history that privacy and security (or trust) concerns are always viewed differently depending on your original point in time. For example, my grandparents generation would never trust the banks, leaving the majority of their money in pots or hidden spaces around the house because this was deemed safer than allowing the banks to look after it. Moving to my parents generation they may well have put their money in the bank as this was now the more common and trusted way of keeping your money, but ask them to go online and undertake banking or financial transactions and this was deemed a security risk or they had trust issues. Again moving to my own generation with online banking, mobile phone apps and electronic communication and financial controls being the norm we in general (last few years aside maybe) trust the banks and financial institutions enough to not overly concern ourselves with the privacy and security of these new platforms…. However introduce something new, like wearable technology and hey presto we all doubt and question its intended use, security and privacy. Will our children? Unlikely, as they they will begin their journey through life with this becoming the norm and only when the next new thing is introduced will they question it!

    Now this is not to say we should not question and satisfy ourselves that the technology is used in the appropriate way and in accordance with the law, however it should also be noted that is this technology that different to what is available right now? Its sleeker and will potentially appeal to a wider audience, but most people now have a smartphone; all of these have cameras and video cameras and I don’t remember being asked to leave this at the entrance to a bar or other public building/location. They all record voice and video and can take still pictures, just like Google Glass, how come none of the concern is about these devices, because they are the norm and we accept them, or because Google Glass does something else? My smartphone will take images and video and with no intervention by me, upload to Dropbox or Google Drive or OneDrive, etc so why the panic and concern for Google Glass?

    I am sure in time, these devices will become the norm, we will just accept them as part of everyday life and there will be something else to concern ourselves over. Until then, let the questioning, panic, security worries and paranoia continue…. “OK glass, take a picture”!

  9. Chris Wright says:

    I totally agree with Tony, these devices although bigger have been around for years. People have been taking photos and recording videos of incidents associated with stupidity for years and probably publishing them on line for the last decade without the individual(s) permission and its normally for the worlds amusement. Although a number of people may embrace this, there are likely people that don’t.

    Many a motorbike rider or cyclist now wear cameras, even cars carry them now, albeit for personal use in case of an accident on the highway. However, the number of videos on line at present that capture vehicle details, people and location is unbelievable. A vehicle belongs to an individual and it could incriminate that individuals personal life because of its location.

    It may be time that recording devices come with a data protection warning. I don’t think I have ever seen one any recording device, stills or movie type.

    I would say that unless you work in an industry that controls or processes data or you actually read the privacy details of the retailer you are buying from, a minority of every day people out there are probably oblivious of their actions when it comes to protecting an individuals privacy rights.

  10. Samuel Short says:

    Well, I also don’t understand the privacy madness. This is the price for a more comfortable life and I’m surprised that people who work with new technologies don’t get it. All those devices and solutions were once praised for their usefulness and boosting our efficiency and we were not concern about our privacy a bit. Google Glass(or any other wearable) and all (hypothetical) data it collects will not affect our lives even in fraction of what we’re afraid of.

  11. Privacy has become the most important factor nowadays for its the only way we can protect ourselves from the increasing number of crimes particularly on the Internet. For a comfortable life we need to have a life where we can have our own space and live a life that is only our own. I have some articles on my blog that are also technology concerned.

    Visit Tekhnvores

  12. Great Article Andrew! Typically we cannot avoid disadvantages in technology, but this stuff does much more than any other gadget. Google can be used whether your studying or working abroad, take video presentations and share it to your employees. Wonderful glasses isn’t it? Thanks for sharing!

  13. prkralex says:

    Many talk about the wearable still seem to be finding it difficult to find a real market outside of the US, which accounts for 70% of the conversation about the technology, followed by the UK (7%), Canada (3%), Australia (2%) and India (2%).

  14. Phil says:

    Without a doubt, privacy is the concern I hear most from customers who are considering wearable tech. Excellent post.

  15. Pingback: Big Brother or Little Brother? Exception to EU data protection law | Europäische Gerichtshof … call me CJUE

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s