The Federal Trade Commission recently said it would crack down on the sharing of information about children by mobile apps, and there are now indications that it will turn its regulatory gaze toward apps that collect health data.
In late February and early March the commission conducted a small study of health and fitness apps to see how much personal data they collect and share with third parties. Turns out, it’s a lot.
Jared Ho, an attorney in the FTC mobile technology unit, studied a group of exercise, pregnancy, smoking cessation, diabetes, dietary, and diagnosis apps, and found that they shared personal and device data with 76 third-party data collectors. Advertising and marketing companies typically collect such information to develop profiles of likely customer types, and in some cases to directly target potential customers.
“The purpose was to point out that these apps transmit a variety of very sensitive information about the body and consumers need to understand that when interacting with health apps,” Ho told VentureBeat.
Of the 76 third parties, 18 collected the Unique Device Identifier (UDID) of the phone, the phone’s media access control address (MAC address) and its International Mobile Station Equipment Identity (IMEI). Ho says the collection of such IDs has clear privacy implications.
“It’s important because those device IDs could potentially allow third parties to connect the information between apps,” Ho says. “If one app is collecting and transmitting exercise information and another is collecting and transmitting diet information [on the same device] there is some potential for connecting that information through a device ID.”
Asked if the small study might be the beginning of a deeper look into the matter at the FTC, Ho replied: “Health apps are an important area that we are continuing to look into. It’s an issue of public concern and one that the FTC cares about.”
The United States has aggressively legislated the protection of health data with its Health Insurance Portability and Accountability Act (HIPAA). But because the health data shared with apps falls outside the medical setting, it is not covered by the law. The FTC is concerned that consumers might not make the distinction.
“Consumers are used to sharing that information with their healthcare providers, and the privacy of that information is protected by HIPAA regulations,” says Cora Han of the FTC’s Privacy and Identity Protection Division. “We wanted to take a look at apps that generate and share sensitive data that are outside the protection of HIPAA.”
As more fitness and health devices and associated apps show up in the marketplace, more personal health data is collected and potentially shared. If the FTC decides to enforce rules on the collection and sharing of such data, the data analytics part of some app developers’ business model could be threatened.
We’ll continue to watch the FTC’s actions with regard to personal health data privacy.
This article originally appeared on VentureBeat
Yes, this tracking problem is a big one, study from University of Illinois..
Good read: the World Forum Privacy Report on the Scoring of America. As data becomes available to query and score, so does the dollar sign go up, as now there's new data to sell.
White House did a poor job on their big data privacy report, I feel, and so do a lot of quants and mathematicians. The biggest question all need to ask themselves is "do people work this way"; many of the apps don't seem to follow that, and being a former developer, you get fooled all the time with a proof of concept, and why we have so much glut with apps out there.