Data Data Everywhere, Whose is it to Give?

Written by Sourya Reddy & Swagam Dasgupta 

It was a bone-dry morning in the middle of May, much like any other summer in Delhi. Although the clock was just hitting 8 am, the sweat was rolling off my skin to the point that after a bath, it was quite difficult to say whether I was actually clean or not. 

I walked out of my room to the sound of footsteps continuously moving around the house, which I just realized was happening for a while, accompanying MS Subbalaxmi’s Vishnu Sahasranamam in the background. As I sat in the hall to pick up the daily dose of both ‘our nation is going to hell’ and ‘our nation is Modi nation’, my mother strode past, brisk walking like a true woman on a mission. She went on to take several rounds of the house, stopping only for a brief sip of the usual morning filter coffee. 

On one of these rounds, I noticed that she held her phone in her hand. Not that it is unusual for somebody in this day and age to do so, but she kept checking it at one-minute intervals. As she sat down a little over half an hour later, I asked her what she was up to. 

“I have to reach 10,000 steps today, but we have our group puja today from the afternoon on. I don’t know when else I can walk!”

Surprised at the exact measure of 10,000 steps that she pointed out, I asked her why meeting this exact number was important, as opposed to the regular 45 minutes of walking. Scoffing at my seemingly caveman-era question, she said, 

“Aren’t you the one who grew up with all this technology? What a useless fellow. There’s an app you see, that measures exactly how much I need to walk to meet my quota. Maybe you should use it, sitting around the house doesn’t seem to be doing you much good!”

While she did have a point about my lack of exercise, the change in my mother’s strictness and appetite towards fitness, seemingly bolstered by this app, piqued my interest.

The Rise of the Wearables

Apps like the one above are more or less becoming a vital part of everyday life. Wearable devices, health trackers and remote monitoring devices have become core offerings of some of the biggest tech companies like Google fit, Samsung Galaxy Watch or the Apple Watch for example.

The wearable tech industry is expected to reach $54 billion by 2023. The scope of wearable devices and health apps reach far beyond our usual conception of fitness. These technologies have changed the way individuals can lead healthier lives by managing chronic diseases such as diabetes— Constant Glucose Monitoring (CGM) systems allow diabetic patients to track their real-time glucose measurements throughout the day and night. 

There is no doubt that these devices have disrupted the healthcare industry for the better by empowering consumers with the ability to take control of their health and overall fitness. But, this information empowerment does not come for free. The foundation of this technology lies within the data we produce, essentially making us the product. 

Who cares if we are the product, as long as we are also the beneficiaries, right? Well, that depends on whether this tradeoff between the data we produce and the health information we receive can be exploited without our knowledge or understanding. If we had the assurance that our data would be used solely for the purpose of ensuring personalised health outcomes, then yes, everything would be fine. But if that isn’t the case, then we open ourselves up to some serious concerns.

READ ALSO: Putting the Athlete First: Data Protection in Sports

What’s the Worst That Could Happen, Right?

What happens when wearable device manufacturers and insurance companies work together? The US gives us a glimpse of what’s to come. In late 2018, the insurance giant John Hancock announced a program that “offers policyholders discounted premiums if they agree to wear a tracking device that monitors their health”. These ‘interactive insurance’ schemes are meant to incentivize fitness and lower insurance cost. But what happens if we aren’t living healthy enough? Depending on the present state of our health and the predictive capabilities of these companies’ analytics, we could face higher insurance premiums or even policy cancellations. 

Let’s take it a step further. Imagine a scenario in which the company we work for subscribes to such an insurance policy. In effect, every employee in that company will have a fitness band or a smartwatch strapped around their wrist. In this case, our data could be accessible to the insurance company as well as our employer. 

Our location, eating and sleeping habits, heart rate, and even maybe our stress levels — all open to view and analyze by our bosses. Although this might be a nudge for a fitter workforce, who is to say that employers will — as asked by The Washington Post — “favour the healthiest employees while punishing or stigmatizing those who are less healthy, or who show signs of unhealthy behaviour such as heavy drinking or drug use?”

Both these scenarios depict an eerie and extreme picture of what might come about in the near future. However, we need not wait that long to be concerned. Just last year Indian organizations lost close to ₹12.8 crores to breaches in their data security systems. An average of 35,636 records were compromised per data breach. If this is the present scenario, then what are the chances that health data — something so sensitive and monetizable — will be safe from data breaches? 

Wearables and the Law

Wearable devices and fitness apps have the potential to nudge society towards a fitter future. They also increase the possibility of malicious actors misusing our data if we do not take its protection seriously. 

Given that many of these devices are developed in the US, people mistakenly assume that these technologies must be compliant with US laws — the Health Insurance Portability and Accountability Act (HIPAA) or the Genetic Information Nondiscrimination Act (GINA). This is not necessarily true; data produced from participant-based wellness programs need not be in accordance with these laws. As consumers, we need to be informed and aware of the laws that protect our data.

India requires a legal framework that protects this data while simultaneously ensuring that it can only be shared with the right people — such as healthcare professionals — and requires our informed consent. 

Fortunately, we aren’t far from putting such laws into effect. Both the Digital Information Security in Healthcare Act (DISHA) and the Srikrishna committee draft on Personal Data Protection (PDP) are proposed measures to ensure personal data protection. However, they take a very different approach to protecting health data. 

According to Ikigai Law — a law firm for technology and innovation-led businesses — the PDP bill and DISHA are incongruent when it comes to the terms used, definition and fundamental concepts. Private and public organizations are likely to prefer the PDP bill because of its lenient approach. However, health is an extremely sensitive and personal topic and requires the strict protection of DISHA. As a result, there is an immediate need to align the PDP bill with that of DISHA when it comes to health information. 

What Can We do as Consumers?

The Fitbit, Apple Watch, Moov Now, Samsung Gear Fit 2.0 — these devices have the ability to empower us to take control of our health and well-being. No wonder we buy them almost instantly, once they hit the shelves. As we should. The promise of a fitter future is too enticing to let go. But in all this wishful thinking, we need to be aware of the implications. As with any technology, these too are double-edged swords that can change our life for the better or worse.

With both the PDP bill and DISHA coming into play in the near future, we, as consumers should seek to empower ourselves not only with the smartwatches on our wrists but with knowledge of the law and how best we can safeguard our best-kept secret — our health.

This is the second part of a series on Sports and Data. You can read Part I here.

Featured image courtesy DetroitBORG