Wear’s the market?
The UK market for wearable technology is growing exponentially. In 2014, the market was widely reported as being worth £313 million (based on predictions published in research by Samsung). The 2015 market is predicted to double in value. The overwhelming majority of wearable products sold to date are limited-purpose health and fitness trackers, but 2015 sees the launch of a wider range of multi-purpose devices, such as Apple’s iWatch.
The disruptive potential of the wearables market can easily be overstated. While the numbers are big, in the context of the wider mobile telecoms market wearables are insignificant. By way of illustration: the UK Government’s report 'Communications Industry in the UK: Investment Opportunities In the UK' stated that the UK’s mobile device market was valued at £14 billion annually and included 80 million mobile subscribers (of which up to half are smartphone users). That report was published in February 2015 and the numbers will only have increased since. Wearables should not be expected to significantly erode traditional mobile markets any time soon – hardly surprising, as almost all of the functions of a wearable device can be performed with more facility by a smartphone.
So where might we see wearables having a significant impact? Where might we see them used, and what issues might this raise?
Wear’s the impact?
At the risk of stating the obvious, the unique selling point which differentiates wearable technology from existing products is its proximity to the human body. Wearables may be better at monitoring and recording biometric data such as body movement, heart rate, blood pressure and so on. They may also be better at recording the location of the wearer. Wearables may enhance the wearer’s performance, through physical augmentation or through visualisation enhancement such as that offered by Google Glass. This latter enhancement, often referred to as “augmented reality”, involves the overlay of digital imagery and information in the wearer’s field of vision.
Most of the benefits offered by wearable technology are inessential to the majority of the consumer market, which is why we should expect wearables to serve specialised functions in differentiated fields. The excitement around wearables should be in the limited markets where their technology presents a legitimate step change rather than in the consumer high-street market glutted with low-end fitness trackers destined for eventual landfill.
Some examples of the more interesting developments might include:
personal GPS. In the domestic context this might allow parents to monitor the location of children or elderly and infirm relatives. In business contexts this might allow employees to be monitored for security or performance management purposes;
medical monitoring. Key medical information (blood pressure, insulin levels, heart rate) can be relayed to the wearer and to medical service providers in real-time, allowing early intervention in the case of medical emergencies;
body-worn video. Already familiar from helmet-cams and Google Glass, body-worn video involves recording audiovisual images and footage through wearables, and is widely used in security, exploration and emergency services industries;
Augmented Reality. Like its sister virtual reality, AR has many potential applications, including computer aided design, training (eg flight or surgical training), tourism and gaming. However, unlike VR (which necessarily requires the player / user to be in a static environment), AR is mobile. This means the possibilities for social play and interaction are far broader (and the possibilities for advertisers far riper).
Wear are the legal issues?
None of these developments (or wearable technologies in general), pose new legal issues. However, they do raise a new context in which to assess existing legal issues, and most prominently the issues of privacy and data protection.
Wearables and services delivered using wearables will need to comply with the Data Protection Act 1998. This means that the data subject (ie the wearer) will need to have given specific and informed consent to the use of personal data collected via the wearable. In order that this consent should be sufficiently informed, suppliers of wearable tech will need to set out (and fully understand themselves) what data will be collected, the purposes for which it will be used, the persons who will use it and to whom it will be transferred and where it will be stored. This information needs to be provided to the data subject prior to or at the point of data capture.
In addition, providers will need to ensure that collected data is appropriately managed. They should not retain data longer than necessary, should take appropriate technical and organisational steps to keep the data secure and should keep track of where and what data is stored in order to properly respond to data access requests raised by individual data subjects. These obligations may be more pronounced in relation to sensitive personal data, which as defined in the Data Protection Act includes data relating to physical or mental health – so the biometric or medical information collected by wearables. There is also a range of information which is not defined as “sensitive” by statute but which presents a more significant risk to privacy and security should it be disclosed – for example, records of a data subject’s daily movements.
In order to combat some of these difficulties, the Information Commissioner’s Office (ICO) recommends that privacy should be “baked in” to the design of all wearable technology. This may entail features such as:
data minimisation – by default, not collecting any personal data other than that which is essential for the specific purposes to which the user has consented;
keeping data processing local – ideally personal data should be processed on the device itself, with only anonymised data transferred to the supplier for processing;
ensuring that data collected by wearable suppliers is kept in facilities which allow ease of responding to data subject access requests and portability of the personal data (including to replacement suppliers);
providing choice – taking the “local processing” example further: if processing of the user’s personal data by the supplier’s cloud-based service offers some material advantage, then the user could be offered the choice of local or cloud-based processing;
allowing for granularity – expanding on the concept of “choice”, the user could be allowed granular choices addressing the time, frequency or type of personal data collected;
ensuring that devices contain mechanisms to alert users to changes in data processing procedures or to security weaknesses which may arise from time to time.
Employers should also be alert to the legal ramifications of using and allowing wearable devices in the workplace. Employee monitoring will only be permissible if carried out in accordance with data protection and employment law, and with due respect for fundamental rights of privacy. There are also significant risks in issuing employees with body-worn video (or allowing it in the workplace at all), as the constant presence of a camera presents privacy risks to individuals as well as confidentiality risks to the business itself.