It has turned out to be a strange week for data collection, data that is either automatically backed up to company servers or collected as a part of normal operations. And not just any data, sensitive, personal data including detailed geo-location.
First up was Uber who threatened to expose detailed ride history of reporters. Then they introduced us to “God View,” a map view that “shows the location of Uber vehicles and customers who have requested a car, was widely available to corporate employees.” On Tuesday I wrote about the extremely sensitive information they have and how seemingly nonchalant they are about accessing it, not in aggregate but for individual users. It seems that under the umbrella of “our internal business purposes” Uber gives itself permission to do anything with that data.
Yesterday it was the car manufacturers feeling proud of themselves for putting together a privacy statement saying that they will collect location, driving behavior, frequent destinations and other driving data. There is no opt-out. If you buy a car, by any manufacturer, you agree to these terms.
Then today I read about how data from fitness trackers, in this case Fitbit, can be submitted as evidence in court cases. “Insurers can’t force claimants to wear Fitbits. But they can request a court order from anyone who stores wearable data to release it.” It’s not only the legal system but employers and insurance companies who are worried about the well-being of their employees. What happens when wearing a fitness tracker and making that data available to employers becomes a condition of health insurance coverage?
Fitbit saves, as they put it, everything but credit card info: “When you sync your device, data about your activity is transferred from your device to our servers. This data is stored and used to provide the Fitbit Service. Each time a sync occurs, we also log data about the transmission. Some examples of the log data are the sync time and date, device battery level, and the IP address used when syncing.” As in Uber and the car manufacturers, there is no way to opt out of the data collection on company servers. “If you want to access data collected by your Device from the Fitbit App, you must create a Fitbit account.” As I understand it, there is no other way, as a user, to even look at that data.
Lest you think I’m picking on Fitbit, Jawbone, another wearable fitness band, posted this after the Napa earthquake in August and shared how Bay Area sleepers were affected by the quake. In aggregate, sure, but eerily like the Uber “Rides of Glory” analysis.
Just a reminder, Uber, cars and fitness wearers are all products that users pay good money for. These aren’t free apps and free web services where the user agrees to be the product. Yet the data they store is valuable to them as the income they receive from selling the product. And there is no opt-out. The only promise they make users are “trust us, we’ll use this data wisely.”
Well, Uber has shown that it can’t be trusted. Can the fitness trackers?
A finale note: as a product manager, I’m not immune to the need to collect data and I don’t think it should be completely halted. That’s unfeasible. I just believe that products should collect only the data they need and treat that data with utmost respect.