By Andrew Paterson, Senior Technology Officer
UPDATE, 01/07/2014: Our consultation on updating our CCTV Code of Practice has now ended. We are currently considering the responses received with a view to publishing an updated version of our guidance later in the year.
Not so long ago, the collection of personal information by body worn devices was limited to trials in specific police forces, and others that could afford the specialist equipment. However, recent progress in hardware means that wearable technology may well become as common as mobile phones, as more and more technology companies start bringing out new devices that use personal information to make your life that little bit easier.
If you’re one of the more than one million people in the UK who go running each week you may already be familiar with the range of smart bands that can track useful information, such as heart rate, running speed and location, all using something no bigger than a standard watch. All of this can help you improve your times, find out how many calories you burn off and plan your next route.
This is uncontroversial if the device simply creates the data and lets you view it on, say, a computer at home. However, further functions might involve wider sharing of your personal data, for instance, checking how your performance has improved compared to others. Some functions, such as plotting your route on a map after your run, might be more efficiently performed using an online service, even though it might not be strictly necessary to do this.
This week we saw the UK launch of Google Glass, one of several products that are set to take this processing of personal information to the next level. As this technology develops, people will understandably have reservations about the increasing amounts of personal information that these products are capable of collecting and transmitting. The main issue in the media so far has been whether people have been given adequate notice that they might be filmed. For instance, media reports in the US have recently focused on how some bar owners in San Francisco have already banned Google Glass from their premises due to customers’ concerns over being filmed without their knowledge. Companies in the UK will now be considering their own response.
There is an important debate to be had around the privacy implications of wearable technology and it will ultimately be for society to decide how comfortable they are with wearables. However like any new technology, wearables must operate in compliance with the law. In the UK, this means making sure that these devices operate in line with the requirements of the UK Data Protection Act.
If you are using a wearable technology for your own use then you are unlikely to be breaching the Act. This is because the Act includes an exemption for the collection of personal information for domestic purposes. But if you were to one day decide that you’d like to start using this information for other purposes outside of your personal use, for example to support a local campaign or to start a business, then this exemption would no longer apply.
This is not the case for organisations, whose use of wearable technology to process personal information will almost always be covered the Act. This means that they must process the information collected by these devices in compliance with the legislation. This includes making sure that people are being informed about how their details are being collected and used, only collecting information that is relevant, adequate and not excessive and ensuring that any information that needs to be collected is kept securely and deleted once it is no longer required.
If the wearable technology is able to capture video or pictures then organisations must address the issues raised in our CCTV Code of Practice. An update to the code went out for consultation recently. There is also useful guidance on the Surveillance Camera Commissioner’s website that will have direct relevance to the use of wearables containing cameras.
The rise of wearable technology brings exciting new possibilities and is set to become widespread in the years ahead. But organisations must not lose sight of the fact that wearables must still operate in compliance with the law and consumers’ personal information must be looked after.
|Andrew Paterson became Senior Technology Officer at the ICO in November 2012. His main areas of work are advising colleagues on information security aspects of complaints and data breach investigations, and research on how new developments in technology might impact information rights.|
Last updated 01/07/2014 17:00