EU privacy regulators have fitness-tracking startups sweating
STARTUPS hoping to sell health tracking devices and software to corporate customers are worried European regulators will torpedo their business model.
Employers should be banned from issuing workers with wearable fitness monitors, such as Fitbit, or oth er health tracking devices, even with the employees’ permission, a European Union advisory panel said in June.
Employers should also be barred from accessing data from their devices their employees wear, even if it is only aggregate data for the entire workforce or anonymous data, the EU body said.
Since the ruling, concern has grown among both small startups and more established players who sell wearable devices and software to businesses, often on the prospect of improved employee health and lower medical insurance premiums.
According to Fitbit, employees should be informed of how their data will be used, who would have access to it, and be given the choice of opting out of any data sharing without adverse consequences, the company said.
That’s insufficient, said the EU advisory body, known as the Article 29 Working Party and is comprised of data regulators from each of the EU’s 28 member states.
“Given the unequal relationship between employers and employees,” the body said, workers were probably never able to give legally valid consent to have their data shared.
“Even if the employer uses a third party to collect the health data, which would only provide aggregated information about general health developments to the employer, the processing would still be unlawful.”
Fitbit has more than 1,300 organisations using its devices as part of corporate wellness programmes, encompassing more than 2.6 million people, the company said in a statement. Among its customers are a number of large European employers such as SAP SE. Concerned about how much time its employees spent sitting, it provided workers with subsidised Fitbits to try to encourage them to get up more and move around.
Fitbit declined to comment directly on the EU data privacy group’s opinion but said it believes all corporate wellness programmes should be voluntary and protect employees’ privacy.
Telecom company Nokia purchased French wearables maker Withings for US$ 190 million (170 million euros) in 2015 and has since built a new division called Nokia Digital Health around it. It too has been targeting the corporate wellness market.
“We believe the responsible integration of connected health devices into the health care system, including through corporate wellness programmes, has the potential to significantly improve the health and wellbeing of society, and are actively working with hospitals, research institutions, and health care providers to explore this promising field,” Alexis Normand, head of business to business sales for Nokia Digital Health, said in a statement.
Normand said Nokia would abide by all applicable laws and regulations in every market it sells in.
The company is “committed to upholding the highest standards of privacy and security,” he said. — WP-Bloomberg