This week the Financial Times reported how health and fitness apps are using data collected from users to sell to advertising and other partners. It’s not a surprise that apps are using data to monetize free services, but should you be worried?
We spoke to Andy Kahl, from Evidon in New York, the authors of the original report.
Health apps are not giving sensitive data to Insurance firms
The Telegraph reported that health and fitness apps were passing sensitive personal data on to insurance and pharmaceutical companies. But most countries have legal protection against health insurance companies using personal data for discriminatory practices, and Kahl states such behavior ‘would be securely in the realm of someone doing something they knew was wrong, and there’s no suggestion that that is happening.’
However, ‘pharmaceutical and health insurance companies are big advertisers, so as a standard advertising company, it would not surprise me if those companies were buying into this data.’ There is no evidence that this data is being used illegally at all.
We have talked with Runtastic and MapMyFitness. Runtastic says it does not share user data, while MapMyFitness says that any data sharing with third parties is transparent and opt-in.
Free apps are paid for with your data
So, if you use health and fitness apps, you shouldn’t worry that personal data is being used in a malicious way.
But you must be aware that when a product is free, as Kahl says, you are the product. The data you share with these companies is the cost of the product. The issue for Evidon is that some apps and companies are not transparent enough about this.
Transparency creates trust between users and apps
Kahl states that when consumers understand what data is shared and why, most will decide ‘this data is well worth me using this app.’ What upsets us is when we aren’t aware of what’s happening, and we see, for example, an advert relating to a health symptom we have searched for. He uses a Pizza place as an analogy:
‘You have a local pizza place and over time they learn what you like, and one day the proprietor says ‘oh hi, you’d like peppers and onions’ because he already know what pizza you like, that’s not a problem. You understand how that data was collected, and how it’s being used.
But if you were on vacation and you walk into a pizza place and a pizza chef you’ve never seen before says ‘oh, hi, peppers and onions?’
The data is not the problem, as you were probably about to give the pizza guy that very data. The data is not sensitive, but what’s weird is because it’s opaque how that data go from your local pizza place to this new place.
That’s pretty much how consumers view online tracking. If I understand exactly what is being used and why, I might think it’s worth it, but I need to be the one to make that informed decision. At the moment that’s probably not true.’
Could anonymous data be linked to an individual?
Kahl says that with legitimate companies, this data sharing should not be a worry. But there is a legitimate fear that were systems compromised, and ‘bad actors’ got hold of the data, it might be possible to link what is supposed to be anonymized data to individuals. Kahl states that ‘you have to work really hard to truly anonymize data, and if you’re asking could someone with bad intentions piece together this data to identify someone, the answer is frequently yes.’
Ask yourself: is the product that I’m using worth the data that I’m sharing?
So, as Andy Kahl says, it’s important that you are aware of what an app or service is going to share about you when you start using it. Companies should strive to be clear and open, and we should also be aware that a free service will have a cost, and decide whether the cost is worth what the app gives us.