Consumer Electronics Association releases privacy guidelines for wellness device data

Tools

The Consumer Electronics Association (CEA) this week released a set of voluntary guidelines for use by organizations designing tools and devices based around health and wellness.

Members of such organizations came to CEA about six months ago to ask for help in creating privacy principles that they could use as they develop their products and services, Julie Kearney, vice president of regulatory affairs at CEA, said during a press call Monday.

Privacy is difficult to get right because there's no one-size-fits-all solution, Alex Reynolds, director of regulatory affairs at CEA, said on the call. In addition, even if a solution can be agreed upon, it will become invalidated as technology goes forward, so CEA created a framework for conversation, he said.

"It's a starting point to communicate to companies about what we think will build consumer trust in wearables, in devices that you use [to collect] wellness information," he said. "We asked, in creating this document, what are the key considerations in respect to wellness data and what tangible risks might they face that we can address."

Some of the principles in the guidelines include:

  • Security: Wellness data should be secured by companies through measures that are "reasonable and proportional to the sensitivity of that data," according to the document.
  • Policy and practice: Companies should explain their data management policy and their privacy policy to consumers, Reynolds said.
  • Concise notice: Those aforementioned policies should be summarized and communicated to consumers in a way that they can understand. "It's difficult to read long privacy policies that are written in legalese," Reynolds said. "There should be ways that consumers can more readily absorb that information."
  • Unaffiliated third-party transfers: When a company transfers personal wellness data to an unaffiliated company, they should get consumer permission first and should offer the ability for a consumer to revoke that data transfer.
  • Fairness: "In the age of big data, there can be bad decision-making," Reynolds said. "To guard against that, companies throughout the wellness data ecosystem need to be aware that automated decision-making through big data could cause unjust or prejudicial outcomes for consumers." He added that they're not yet aware of such an event happening, "but we want to be innovative in the way that we address this and be forward-thinking."

Kearney added that sometimes in the regulatory environment, policies can veer into overreach and areas not beneficial for innovation or technical growth. To that end, he said, the guidelines "are designed to be proactive" and will be tweaked as technology progresses.

Providing consumers with clear, straightforward information on security is especially important as many remain wary about the privacy of their health information.

That wariness regarding connected technology could stall innovation and stifle use and adoption if it is not addressed by vendors, Harry Wang, Parks Associates' director of health and mobile product, told FierceMobileHealthcare in August.

To learn more:
- read an announcement
- download the guidelines

Related Articles:
Consumers remain wary over safety of health wearables, wellness apps
Wearables, mHealth devices will suffer if security is an afterthought
Risk management, security strategies key to current mHealth acceptance
Report: Healthcare more susceptible to privacy attacks than other industries