There are two divisions in wearable technology – one that collects information about you and another about the wearer.
Speaking at a Halsbury’s Law Exchange event in central London, wearable technology was determined to be as powerful as a computer and it was difficult to nail down the “fluid borders”.
Andrew Caldecott QC said: “The key legal argument is that something should allow us to keep control of our own private information and we should be entitled to when we release it. It all sounds attractive, but you get a problem when one person wants to tell a story and that story involves somebody else who is part of the story and doesn’t want it to be told. It is all about conflicting values.”
Eduardo Ustaran, partner at Hogan Lovells said that there are two relevant elements to this: that we lack awareness of the individual that the technology is around you; and the second is the surreptitious collection of data. “That challenges the most traditional understanding of data protection in Europe, which is all about data protection being about the individual being in control of information about them, but wearable technology is the latest manifestation of the type of technology that is not putting you in control of your data at all,” he said.
“You are unaware of the amount of information that is being collected and how it is being used, so it challenges the most common understanding in principle of data protection as we have understood them.”
Jessica Bland, senior researcher in technology futures at Nesta, said that this stretches the definition of technology, as technologies can stretch your response and capabilities, but there is an issue of where data is collected and how it is used. Bland highlighted how personal data is collected and aggregated and used by a corporate. “When did that change happen, and what does that mean for the product of data,” she asked. “It is quite a difficult change.
Bland also criticised a “tick box culture” that has extended to this, as the time between the action and collection is unknown, especially as users probably did not read or sign the terms and conditions of use about data collection.
Ustaran commented that developers are now being asked to do privacy impact assessments to assess the privacy implications and level of intrusion up front, and that will become a more popular tool to determine the compliance of the technology with the law.
“Mainly because the idea of consent is becoming more of a fallacy, as we don’t know what is going to happen to that information so the emphasis is shifted, and it is right that it is,” he said.
“The individual is determining whether they are happy with what is done with their information and the user of the technology knows whether it is intrusive or not.”
Caldecott commented that “collection rarely leads to litigation”, and it is normally about misuse of collection about you by others.