ICO sounds alarm over wearable tech privacy issues

News
By Caroline Donnelly
published

Data protection body warns wearable tech users and device makers to be wary of falling foul of privacy regulations

The Information Commissioner's Office (ICO) is calling on wearable tech users to ensure data collected by their devices is processed in line with the UK's data protection laws.

This week alone has seen details emerge about new smartwatch technology from LG and Android, as well as the UK release of Google Glass to developers and beta testers, as the wearable tech trend continues to gain momentum.

If you are using a wearable technology for your own use then you are unlikely to be breaching the Act.

In the midst of this, the ICO has published a blog post, reminding users of the technology to be wary of the privacy implications of using it, and the laws surrounding the sharing of data created by wearable devices.

Andrew Paterson, the data protection watchdog's senior technology officer, said it is imperative the way wearable tech devices collect, process and share information is in line with the requirements of the UK Data Protection Act.

"If you are using a wearable technology for your own use then you are unlikely to be breaching the Act. This is because the Act includes an exemption for the collection of personal information for domestic purposes," Paterson explained.

For instance, if someone wears a devices that tracks health data that remains on the device, or is only viewable from a private computer, that is fine in the eyes of the Data Protection Act.

"But, if you were to one day decide that you'd like to start using this information for other purposes outside of your personal use, for example to support a local campaign or to start a business, then this exemption would no longer apply," he added.

Further complications may also emerge if the health tracking device above shares details of the jogging routes people have taken or publishes details of users' performance online to compare with others.

This type of data must be processed in line with the Data Protection Act, warns Paterson.

"This includes making sure that people are being informed about how their details are being collected and used, only collecting information that is relevant, adequate and not excessive and ensuring that any information that needs to be collected is kept securely and deleted once it is no longer required," he explained.

And it's not just the Data Protection Act wearable tech users and device makers risk falling foul of, as the CCTV Code of Practice also comes into play for tools that capture pictures and videos.

"The rise of wearable technology brings exciting new possibilities and is set to become widespread in the years ahead," he added.

"But organisations must not lose sight of the fact that wearables must still operate in compliance with the law and consumers' personal information must be looked after," Paterson concluded.

Caroline Donnelly
Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.