Privacy and the quantified self: A review of U.S. health information policy limitations related to wearable technologies

• Author: Danielle N. Rutherford,Nancy H. Brinson
• DOI: http://doi.org/10.1111/joca.12320
• Date: 01 December 2020
• Published date: 01 December 2020

COMMENTARY

Privacy and the quantified self: A review of U.S.

health information policy limitations related to

wearable technologies

Nancy H. Brinson

1

| Danielle N. Rutherford

2

1

The University of Alabama, Tuscaloosa,

Alabama

2

ICANN, Los Angeles, California

Correspondence

Nancy H. Brinson, The University of

Alabama, Tuscaloosam, Alabama.

Email: nhbrinson@ua.edu

Abstract

As Americans increasingly integrate quantified self-

health and fitness tracking (QSHFT) technologies into

their lives, the data collected by these devices offer to

not only help users to live healthier lives, but also pre-

sent opportunities for interested parties to identify and

target them based on their health-related behaviors. Cli-

nicians, employers, health insurers, data brokers, mar-

keters, and litigators have all expressed interest in

accessing individuals' QSHFT data for a variety of pur-

poses. Existing policies related to the collection, aggrega-

tion, and use of these data do not consistently address

and protect individual health privacy concerns. Indeed,

U.S. lawmakers recently proposed two separate bills

designed to correct this deficiency. The purpose of this

review is to examine current motivations, practices, poli-

cies, and regulations related to QSHFT data, identify

areas where individuals' health information privacy is

currently being compromised, and propose specific solu-

tions to address this escalating area of privacy concern.

KEYWORDS

information privacy policy, mHealth apps, quantified self

Americans are increasingly turning to a variety of quantified self-health and fitness tracking

(QSHFT) technologies (including smart watches, wearable fitness-trackers, and smartphone

applications) in an effort to learn more about their everyday habits, connect with valued others,

Received: 14 July 2019 Revised: 14 May 2020 Accepted: 3 June 2020

DOI: 10.1111/joca.12320

Copyright 2020 by The American Council on Consumer Interests

J Consum Aff. 2020;54:1355–1374. wileyonlinelibrary.com/journal/joca 1355

and motivate themselves toward healthier behaviors. Research indicates that 21% of U.S. con-

sumers (about 57 million) currently use a dedicated QSHFT device along with one of nearly

325,000 mobile health (mHealth) smartphone applications to track their health and fitness

activities (Vogels, 2020). The emerging “quantified self”movement has given rise to over 225

special interest groups in 49 countries worldwide, with a total of over 97,000 members

(Meetup, 2020). The majority of QSHFT users simply track their number of steps, distance trav-

eled, heart rate and dietary habits; though an increasing number are choosing to monitor the

quality of their sleep, their alcohol and nicotine consumption, their weight, menstruation/fertil-

ity cycles, and even their stress levels and moods (IDC, 2017).

Medical professionals suggest the continuous feedback on physical activity, biometrics, and

dietary behavior afforded by QSHFT technologies will prompt a shift toward better quality

healthcare by enabling healthcare practitioners to monitor their patients' health metrics, behav-

iors and outcomes in real time (Bose and Elfenbein, 2016). Indeed, a recent study found that

59% of U.S. consumers who own a QSHFT device are opting to connect them with mHealth

applications that access and organize their data in order to provide additional insights (Gil-

bert, 2018). Moreover, 90% are willing to share their health and fitness data when presented

with an opportunity to communicate with their health care provider, compare their activities

with others, or receive discounts on related products or services (Accenture, 2018).

Yet, as data generated by these technologies become increasingly accessible, new questions

are being raised about QSHFT data ownership, sharing, and security (Ajana, 2017). Adding to

these concerns, consumers have identified personal health data as one of the riskiest types of

information, which they are least willing to disclose (Robinson, 2017). A recent Pew survey rev-

ealed that 93% of American adults report a desire to control what information is collected and

shared about them (Madden and Lee, 2015), particularly within the sensitive context of health

(Vogels, 2020). Additionally, in their study of consumer perceptions of privacy risk across 52

information types, Milne et al. (2017) found that consumers are highly discriminating regarding

the level of risk they associate with different types of personal information, with secure identi-

fiers such as medical history, DNA profile, and health insurance identification among those

considered most sensitive.

This contradiction between consumers' stated intentions to protect their privacy online and

their tendency to behave in an opposite way (by willingly disclosing their personal information)

is referred to as the privacy paradox (Norberg et al., 2007). Several streams of research have

examined the privacy paradox in different contexts, but few have applied it to explain and pre-

dict QSHFT-related behaviors. Most scholars believe that the privacy paradox may be attributed

to consumers' limited understanding of the privacy risks associated with the security of their

online data (Milne et al., 2004; LaRose and Rifon, 2007; Taddicken, 2014). This is especially true

of mHealth data collected by QSHFT devices, since few consumers are aware of how these data

are collected and used by a variety of third parties (Albrecht et al., 2014; Sunyaev et al., 2014;

Robinson, 2019). That said, even among users who are aware of the risks of sharing their

QSHFT data, many do not make privacy a priority when choosing to share this information

with online partners (Nehf, 2007; Brinson et al., 2018), or they claim to be unclear about

whether or not their mHealth data are protected; making it more difficult for them to assess the

privacy risks associated with using these devices (Hunter, 2016).

A review of the existing U.S. policies and laws related to privacy and security in this arena

indicate a lack of clear, well-defined rules surrounding the use of data collected by QSHFT

devices and mHealth applications (see Table 1). The White House (2012), Federal Trade Com-

mission (2010; 2012; 2014), Department of Commerce and Federal Drug Administration have

1356 COMMENTARY