Workplace Wellness, Privacy and the Internet of Things

On January 27, 2015 the Federal Trade Commission (FTC) published a staff report titled “Internet of Things: Privacy and Security in a Connected World.” The staff wrote the report on the basis of a workshop held in November 2013 and public comments. Because it is based on limited information, the report misses some important factors that affect the development of the Internet of Things (IoT) and consumer privacy. One glaring omission is the failure to mention workplace wellness programs and their role in what is becoming known as “connected health.”

As I listened to the workshop panel called “Connected Health and Fitness” I was struck by a complete absence of discussion of workplace wellness programs. The report doesn’t mention wellness programs, either. To the extent that it mentions the employment context at all, it lumps employment-related decisions with the other uses covered by the Fair Credit Reporting Act (FCRA), like credit and insurance. Why does this matter? It matters because the market for fitness trackers, which do appear in the report, is not a pure consumer market. Workplace wellness programs use significant incentives to get participants to wear fitness trackers and, thus, increase the number of people who wear these devices and the amount of data collected through them.

Repeated surveys have shown that most consumers abandon their wearable devices. About a third do so within six months of receiving the device. Manufacturers of fitness trackers hope that the abandonment rate will fall if wearing a fitness tracker can be tied to a lower cost of health insurance or another significant incentive. As a result, several manufacturers have dedicated sales forces for the corporate wellness market and at least one is creating a fitness tracker specifically for this market. Some market forecasters believe that the financial incentives provided by wellness programs are essential to the growth of the fitness tracker market.

The privacy approaches suggested in the FTC report do not work well in the employment context. There is an inherent power imbalance in the employment relationship. The employer determines health plan design, the amount employees pay for their health insurance, and whether this amount depends on participation in a wellness program. When signing up for health benefits, employees who do not want to participate in wellness programs can face a less desirable health plan, higher health insurance costs, or fear that they might jeopardize their career prospects if they are labeled as “not a team player.” This dynamic is quite different from a market in which products are offered to customers who freely choose whether to use them.

Let’s start with the FTC’s recommendation for Data Minimization. We already know that there are serious questions about whether wellness programs generate savings for employers or for the healthcare system as a whole. Proponents of workplace wellness want to maximize the types and amounts of data collected as they look for possible savings. Wellness vendors can collect and combine behavioral data from fitness trackers and apps with data from health risk assessments, biometric screenings, healthcare claims, and workplace attendance, as well as with public data like weather and maps. The basic notion of data minimization is directly antithetical to their interests. Employers, seeking to reduce health benefit costs, are supporting them by channeling employees into wellness programs through plan designs and incentives.

Notice and Choice are also problematic in wellness programs. In an ideal consumer market individuals would read and understand information about how their data is collected and used, and could make choices, in part, on the basis of this information. Unfortunately, fitness tracker notices fail to disclose the extent of data collection and sharing. Further, employers and wellness vendors consistently ignore, minimize, or fail to discuss privacy risks associated with wellness programs. It is not clear whether even the most determined individual could figure out everywhere her data goes or what rules apply when a fitness tracker is part of a wellness program.

Choice is no better. At the moment, three pending court cases question whether participation in workplace wellness programs is voluntary. While none of the cases deals with fitness trackers, the Equal Employment Opportunity Commission (EEOC) wants the courts to decide if financial penalties on employees who decline to participate in wellness programs change the nature of a decision to participate. If individuals must decide whether to wear a fitness tracker or pay hundreds or even thousands of dollars more for health insurance, privacy notices will be relevant only for those who can afford to pay the penalties.

Wellness programs give us a glimpse of a future where data collected from multiple devices and multiple sources will be combined and analyzed, resulting in a level of surveillance that is much greater than the sum of its parts. They also show us a future in which declining to cooperate with such surveillance will become increasingly expensive. Consider diet, a major area of focus in wellness programs because of links between diet and obesity. At the moment, most apps that monitor food and drink consumption rely on the individual to upload photos of meals or to make manual entries into an app. By combining time-stamped location data from fitness trackers with public data about food service locations, some analysts can already flag the types of food places where an individual eats and, potentially, cross-check this against the food that the person entered into an app. What will happen when the data about what someone eats can also be cross-checked with the data collected via a connected fork? Will it matter if she “voluntarily” provided access to this data to a wellness vendor because there is a large financial penalty for declining to do so?

While US privacy protections are sectoral, data flows in the real world are not. As more objects get connected to the Internet, it will be more and more difficult to confine their data within a single regulatory silo. Current tools will be utterly inadequate in the new connected world.

Originally published on LinkedIn on January 31, 2015