In the future, wearable technology, such as the Apple Watch, will revolutionize the way we look after ourselves.
Originally the head and the wrist were the only parts of the body that could be fitted with tracking functions, but smart wear, such as wearable shirts, has now been introduced, which has taken these devices to a new level.
Collection of data, especially medical data, from these new devices, introduces new risks that you must be aware of and mitigate as a developer.
This can be vitally important to the success of your business. Because the data is so personal in nature, and because of recent high-profile security breaches at Home Depot and Target, whether or not users embrace new wearables like yours depends on how confident they feel that thorough safeguards protect the personal data you collect through the app.
In order to proactively alleviate any concerns that users may have, it's important to incorporate privacy into the design of your Apple Watch app.
It's been suggested that until real laws have been set down to cover this topic for these specific devices, businesses such as yours dealing with wearable tech should work together to develop and adhere to industry guidelines in order to ensure that users' personal data is being protected.
If you are collecting and using data (including health data) from users through an Apple Watch, you need to establish strong safeguards, as this information is especially sensitive.
The following are four things, at a minimum, that you should put serious thought into including in your Privacy Policy, especially if your smartwatch app is collecting and processing data:
- Consider implementing an 'opt-in' policy. Also, if your Apple Watch app is collecting health data, consider prohibiting sharing that data with advertising platforms, data brokers, information resellers and/or any other third parties.
- Privacy by design should be your strategy from the beginning. In other words, privacy should be a primary consideration from the development and design stages of your wearable app and at every stage thereafter. It should not merely be an afterthought.
- You must be extremely open about your data use policies. Your Privacy Policy is the legal agreement that governs this use; it must be enforced and should be easily readable, so that your users know how their information is being collected, used, stored and shared.
- Finally, it's important that you adopt data minimization and destruction policies under which you only collect data that is needed for a legitimate business purpose. This means that you should limit the data you collect to core functions and ensure that any data (especially health data) you retain is minimal.
Given that Apple has described the Apple Watch as the 'most personal device' ever to be created, it's not surprising that concerns have arisen.
The Attorney-General of Connecticut has expressed concerns over what privacy issues could arise from the new technology involved with the Apple Watch. These concerns apply to all wearable tech and you should take them seriously when developing new apps:
When new technologies emerge in consumer markets they inevitably lead to new questions, including questions about privacy.
I have found that asking those questions and engaging in a proactive dialogue about privacy concerns before a product comes to market is an effective and mutually beneficial way to ensure that consumer privacy is protected. I am encouraged by Apple's representations that personal health information will be encrypted on the Apple Watch and that users will decide which applications gain access to their health data. However, as personal information will no doubt be collected and stored in some way, questions remain, and I look forward to the opportunity to have a discussion with Apple.
The Attorney-General sent a letter to Apple with five questions summarizing his concerns about the use of the Apple Watch and HealthKit:
- Whether Apple will allow consumers to store personal and health information on Apple Watch itself and/or on its servers, and if so, how information will be safeguarded;
- If and how Apple will review application privacy policies to ensure that users' health information is safeguarded;
- If and how Apple intends to enforce policies that require the rejection of applications that provide diagnoses, treatment advice, or control hardware designed to diagnose or treat medical conditions that do not provide written regulatory approval;
- What information Apple Watch and its applications will collect from users, and how Apple and application developers will obtain consent to collect and share such information with these individuals; and
- How Apple intends to monitor and enforce applications' compliance with its guidelines concerning users' health information.
Apple has already addressed some of these concerns in its updated App Store Review Guidelines, which state that HealthKit apps cannot store health information collected from their users on iCloud; this addresses the Attorney-General's first concern.
It's likely that Apple will follow their model for HealthKit and require a Privacy Policy for WatchKit apps also.
Apple WatchKit allows you to create apps with two parts: an extension that runs on the iPhone, and the user interface resources that run on the Apple Watch.
In that case, your legal agreement must be made available directly from the App Store.
Another consideration arising from this is the size of the Apple Watch screen, and what it means for these legal agreements. It means the Privacy Policy needs to be available prior to installation and, at the very least, in the related iPhone app.
Here's how Dropbox displays its Privacy Policy on the iPhone app:
Given that there is currently no specific guidance on how to design a Privacy Policy for a wearable app, you can combine the above advice to ensure that you are handling user data in the best way possible.
Follow the 4 guidelines outlined above whilst taking into consideration the Attorney-General's concerns over the Apple Watch and how they may be relevant to your business.