Following the Strava heatmap debacle, I encountered this study by the University of Toronto’s Citizen Lab via Twitter:
Fitness tracking devices monitor heartbeats, measure steps, sleep, and tie into a larger ecosystem of goal setting, diet tracking, and other health activities. Every Step You Fake investigates the privacy and security properties of eight popular wearable fitness tracking systems. We use a variety of technical, policy, and legal methods to understand what data is being collected by fitness tracking devices and their associated mobile applications, what data is sent to remote servers, how the data is secured, with whom it may be shared, and how it might be used by companies.
The report, downloadable in full as PDF, x-rays some of the popular consumer tracking apps and discusses the involved privacy threats.
The key message is that there is a lot to do in terms of transparency and consent when companies deal with people’s movement data:
Fitness data can provide detailed insights into people’s lives. It is used in an increasing number of areas such as insurance, corporate wellness, and courts of law. Consumers deserve to be better informed about fitness tracking systems’ privacy and security practices to help them determine whether or not they are comfortable with how their fitness data is being used.