在本文中,我们将讨论可穿戴设备和隐私。在我看来,这是一个代表性不足的话题,在当今的技术领域(technology landscape)中具有指数级增长的重要性。几乎每周都有新设备在(New)Kickstarter 和 IndieGoGo(Kickstarter and IndieGoGo)上发布,最重要的是,2014 年9 月(September 2014),苹果和英特尔(Apple and Intel)都宣布了他们在可穿戴设备市场上的第一个重要步骤。在您开始使用可穿戴设备之前,以下是您在数据隐私方面所暴露的内容。
普通人的观点
作为我使用可穿戴设备的最新项目的一部分,我正在与美国消费者讨论他们对最新小工具的认识和担忧(awareness and concerns)。几乎每次,我都听说他们担心如何使用可穿戴设备中的数据。让我给你一些报价:
- 亚历克斯:“现在,你为每个新下载的应用程序都放弃了个人信息。”
- 雅各布:“我不知道设备制造商拥有我的数据。这感觉像是对隐私的侵犯。”
- Gregory:“我不愿意与不认识我的人分享我的个人信息。”
- 迈克尔:“我的健康信息并没有完全由我控制,这让我很困扰。”
那么这些人为什么会担心呢?一方面,狂热的技术用户熟悉这句话:“如果你不为某事付费,你就不是客户;你是被销售的产品”。它最初是在这里(here)创造的,但今天我们面临着一个全新的模型。我们不仅为这些设备付费,而且从它们中提取的数据被匿名化、汇总并出售给愿意并能够从中提取见解的第三方。在某些情况下,这些数据被用于为英国石油(British Petroleum)等大公司的企业健康计划提供动力。对我来说,这一点也不奇怪。我有意识地选择与设备制造商共享我的数据(device maker)获得一些好处,例如睡眠分析或我的数据的长期报告功能。但我是一个超级用户(power user),他非常喜欢量化的自我运动(self movement),并且能够从测量中获得很大的好处。然而,这里的主要问题是,这对普通人来说是否值得?
什么是隐私政策?
“隐私政策是一份声明或法律文件(隐私法),披露了一方收集、使用、披露和管理客户或客户数据的部分或全部方式。” (来源:维基百科(Wikipedia))。我目前佩戴 7 个健身追踪器,每个都有自己的隐私政策(privacy policy):
我为什么要这样做?好吧(Well),出于多种目的。一个是能够试验它们之间的数据差异(是的,不要表现得感到惊讶——大多数时候它们不会给出相同的结果)。另一个是更好地了解他们每个人的优点和缺点,我自己。我已经查看了所有这些设备的隐私政策。让我们看看我发现了什么:
我发现的共同主题
所有隐私政策的共同主题大致如下:您的数据归他们所有(Your data is owned by them)。令人惊讶的是,实际上只有BodyMedia有能力提前说明这一点(当然,埋在法律术语的某个地方): (BodyMedia)“收集的所有数据,包括但不限于食物日志、体重、体脂百分比、传感器-数据、时间记录和生理数据(统称为“数据”)是且应始终是 BodyMedia 的唯一和专有财产”。但是,所有设备都会先将其数据同步到制造商的服务,然后再同步到您的手机应用程序(phone application)。这确保了两件事:
- 他们比其他人先看到数据。
- 如果不通过它们,您无法直接从设备中获取数据。
实际上,第二点并不完全准确。已经有不同的尝试从这些设备中释放数据并直接访问它,例如libfitbit。但是,作为非程序员使用它们并不容易,对于那些非常注意隐私的人来说,这使得这些设备成为禁忌。If forced by a warrant or by business interests (M&A / bankruptcy / trade secrets protection), they will share your data with third parties.这意味着,如果他们获得FISA 法庭命令,他们将不会那么努力地战斗(court order)交出您的数据,您会预先收到此警告。我认为这是诚实的,因为,让我们面对现实吧,作为一个企业,即使你不同意政府的政策,你也无能为力。他们将出于市场调查和研究目的与第三方共享汇总的匿名数据。(They will share aggregated, anonymized data with third parties for market research and research purposes.)请注意,7 个中有 5 个甚至在与数据共享相关的句子中使用了“销售”一词。这分为两种类型:“我们不出售从您那里收集的个人身份数据”或“ ACME Inc.可以将匿名数据出售给第三方”。这些数据究竟如何对营销人员有用?请阅读(Read)下面的专用部分以找出答案。接下来,我将重点介绍每个供应商的一些细节'(privacy policy)这对我来说似乎很有趣。
Jawbone UP & Nike & Misfit使用的隐私(Privacy)政策
Jawbone UP、Nike Fuelband 和 Misfit Shine(Nike Fuelband and Misfit Shine)最令人失望。他们有一般隐私政策,没有以任何特定方式提及可穿戴设备数据。他们拥有所有的cookie 跟踪(cookie tracking)和“网络信标”(跟踪像素)语言,但与数据本身无关。我已经在Twitter 上联系(Twitter)了所有 3 家公司,如果我收到有价值的东西,我会更新这篇文章。请注意,即使我没有设法在他们的网站上找到正确的隐私政策,(Privacy Policy)计算机程序员(computer programmer)仍然令人担忧拥有 8 年经验的人无法在合理的时间内做到这一点。更有趣的是,这三家公司都为开发人员提供了自动化的方式来提取你的数据,当然,在你的同意下。用程序员的话来说,这就是我们所说的API(应用程序编程接口(Application Programming Interface))。所以有人在我的数据之上开发应用程序,但我无法轻易找到我的数据是如何存储和处理的,至少设备制造商(device maker)是这样。哎哟。
卵石 - 一个积极的例子
我最喜欢Pebble的隐私政策(privacy policy)。它在顶部包含一个简单的摘要,旨在让您快速了解要遵循的法律术语。但是,阅读它时,我没有看到Pebble收集的生物特征数据。是的,Pebble 有一个加速度计(Pebble has an accelerometer),并且有很多应用程序在他们的商店中使用它来进行健身和睡眠跟踪。但官方应用只有通知等生产力功能。这使他们处于将生物识别数据的责任委托给第三方应用程序(party application)开发人员和他们自己的隐私政策的最佳位置。
BodyMedia 及其隐私政策
我喜欢BodyMedia的一点是他们对用户很坦率:“系统使用记录“臂章数据”的臂章活动监视器。您可以在任何时间、任何时间选择退出臂章数据记录,不戴臂章。” 因此,要么您发现使用我们的设备有足够的好处,以便您愿意与我们共享您的数据,要么您不这样做,我们也不想浪费彼此的时间。这也可以从他们的定价策略中看出(pricing strategy),因为他们是市场上唯一向您收费(每月 7 美元,前 6 个月后免费)在他们的仪表板中查看您的数据的公司。我发现很多人(甚至来自美国)不同意这一点,即使这是一个非常小的价格。在我看来, BodyMedia(BodyMedia)的最佳用例是减肥和保持体重。这就是他们在首页上推销自己的方式。对我来说,这很有价值,我愿意与他们分享我的数据。它对我的日常生活产生了重大影响(day life). 他们也是唯一提到在某些情况下您可能会同意与第三方共享您的数据的人,以获取免费接收设备的好处。这发生在现实生活中,在一些使用这些设备运行企业健康计划的公司中。
基础及其隐私政策
我觉得有趣的是,Basis一直坚持认为他们不会将您的生物识别数据与您的身份、您在谈论什么或您在哪里相关联。我个人觉得让别人知道我的睡眠模式比知道我在哪里更令人毛骨悚然。此外(Besides),手机信号(cell phone)塔、手机公司(cell phone company)以及政府已经知道我在哪里。所以我对此没有任何问题。Basis的真实故事(True story):当我获得美国签证(US visa),刚进入布加勒斯特大使馆时(Bucharest)面试时,保安很明显是让我把随身物品和电子设备留在入口处。我很好奇他们是否会让我带着B1 手表(B1 watch)通过——但后来他们问:“那个东西蓝牙(Bluetooth)启用了吗?”。我笑着把它拿出来。
Fitbit Flex 及其隐私政策
Fitbit 是销量冠军,我非常关注他们的隐私政策(privacy policy)。他们的隐私政策(privacy policy)的亮点在于枚举与他们的交互以及在每种情况下记录的数据:当您注册时,当您同步数据时等。我想说这也是由于他们在公司中的广泛渗透世界以及在进行此类大宗交易时需要对其数据政策更加透明。
第三方应用程序呢?
他们呢?您无法真正控制他们如何处理您的数据,因为他们背后的大多数开发商店都是一个人的表演(或者,一个穿着睡衣工作的多人团队:D)。是的,他们负责保护您的数据,但这可能不是他们名单上的(number one)第一要务。这既是好事,也是坏事。这很好,因为他们专注于使这些数据对您有用。要知道,可穿戴行业存在巨大的留存问题(retention problem)。根据 2014 年 1 月的Endeavor Partners(January 2014)报告((Secret)“(Endeavour Partners report)可穿戴设备内部:人类行为改变(Human Behavior Change Offers)的科学(Science)如何提供长期参与(Long-Term Engagement)”),至少 50% 的人在不超过 18 个月后完全停止使用活动跟踪器(activity tracker)。这还没有考虑到大多数人只是偶尔使用它们(例如,仅用于测量他们的锻炼) . 这很糟糕,因为我们都关心谁会收到我们的个人信息以及那里的安全性。老实说,在这个时间点上,您将不得不赤身裸体地去一个僻静的岛屿并躲在(island and hide)山洞中以停止数据收集为自己。这真的很难,我不确定这种好处对普通人来说是否值得。回到敬业度问题(engagement problem):这促使设备制造商以一种非常有趣的方式做出回应。大多数人已经转向时尚(你穿在身上的唯一没有功能的物品)和生产力(新一波智能手表,所有这些都内置了通知)。在我看来,这些只是让它们在你身上停留更长时间的策略,直到他们弄清楚如何真正处理你的生物识别数据(what to really do with your biometrics data)。但在这部剧中,每个人都几乎完全忽略了第三方应用。(party apps)它们对于设备制造商希望我们的长期保留(device maker)至关重要。(term retention)它们对于在数据中找到足以使我们受益的见解至关重要。你知道,设备制造商(device maker)公司的带宽有限,最近的收购浪潮表明,做这一切是不可持续的。然而,作为消费者,我们非常怀疑与他们分享我们的数据。我认为在这一点上,分享您的数据就像分享您的商业理念(business idea)一样:有些人会害怕分享它,但他们没有意识到大多数其他人甚至不感兴趣(或者没有时间)首先看看它。
营销人员如何使用聚合的可穿戴设备数据(Wearables Data)?
上面(Above),我们提到大多数隐私政策都提到以聚合形式出售给营销人员的聚合数据。您是否仍然想知道这些数据对营销人员有何用处?Jawbone在其(Jawbone)关于睡眠的系列报告(series of reports on sleep)中开始向我们提供关于这一点的第一个提示。我能想到的一些明显的用例是:
- 使用数据了解哪些人口统计数据更需要安眠药(或相关产品)。然后为他们创建广告系列。
- 使用这些数据来确定内容制作者何时更有效地向他们提供一些相关的内容。我猜电视节目(TV show)的所有者永远不知道我是真的在看他们的节目还是只是在打瞌睡。现在他们仍然不知道,但至少他们会从统计的角度得到一个很好的主意。
- 找出(Find)哪些人口统计数据更活跃,并向他们展示更多与体育产品相关的广告(例如蛋白质奶昔)。
然而,这些用例显然需要不断地将数据流输入设备制造商的系统。相信我,有差距和不一致的数据很难处理。但是,如果没有一些好的隐私政策可以说服最终用户更多地信任设备制造商,也没有双方对第三方应用程序开发人员的大力支持,我认为这不会发生。(party app)可悲的是,可穿戴设备会对你的生活产生巨大影响。
结论
首先(First),我认为可穿戴数据的情况在这一点上是相当纠结的。我看到了各个层面的担忧,从我采访的实际消费者开始,到大公司结束。但是,这需要一段时间才能解决,这可能是苹果(Apple)的健康应用程序(Health application)和政府批准的底层数据存储的原因。我们也可以看到其他参与者的类似举措。我认为大多数设备制造商现在都在努力解决更紧迫的问题,并且有充分的证据证明这一点。缺乏长期参与(term engagement)使他们无法正确地将所收集的数据货币化,从而无法拥有可持续的商业模式(business model). 什么,你认为销售硬件设备(hardware device)的利润足以让他们继续经营下去吗?也许吧,但可能只适用于MotoX 或 Apple Watch(MotoX or Apple Watch)等高端产品。我的最后一点是,很多消费者购买或想要使用它们是因为他们看到它们,被朋友或同事使用,但他们并不真正了解它们的好处。虽然这足以推动智能手机的普及(smartphone adoption),但那是因为智能手机也是一部手机。但是这些设备具有前所未有的功能,没有人真正确定它是否有用。看不到好处会使消费者专注于隐私而不是功能。在我看来,这对产品来说是一个非常糟糕的信号。我们都知道GMail正在与政府共享我们的数据,但功能非常好,以至于我们大多数人仍然看到使用它的额外好处。
What Is The Wearables Industry Doing With The Data From Your Gadgets?
In this article, we are going to tаlk аbout wearable devices and privacy. In my opinіon, this is a heavily underrepresented topic, with exponentially growing importance in today's technology landscape. New devices are launching almost every week оn Kickstarter and IndieGoGo and to top thаt off, in September 2014, Apple and Intel both annoυnced their firѕt imрortant steps іn the wearables market. Before you start using а wearable device, here's what you expose yourself to in terms of data privacy.
A Regular Person's Perspective
As part of my newest projects using wearables, I am talking to US consumers about their awareness and concerns with the latest gadgets. Almost every time, I hear that they are worried about how the data from their wearables might be used. Let me give you a few quotes:
- Alex: "These days, you give up personal information for each new downloaded app."
- Jacob: "I did not know that the device makers own my data. That feels like an invasion of privacy."
- Gregory: "I am reluctant to share my personal information with someone who does not know me."
- Michael: "It bothers me that my health info is not fully controlled by me."
So why are these people concerned? For one thing, avid technology users are familiar with the phrase: "If you're not paying for something, you're not the customer; you're the product being sold". It was initially coined here but today we are facing a whole new model. Not only are we paying for these devices, but the data extracted from them is being anonymized, aggregated and sold to third parties who are willing to and able to extract insights from it. In some contexts, the data is being used to power corporate wellness programs in huge corporations like British Petroleum. To me, this isn't surprising at all. I consciously make a choice to share my data with the device maker for some benefits like sleep analysis, or longer term reporting capabilities with my data. But I am a power user, who is very much into the quantified self movement and is able to derive a good chunk of benefit out of getting the measurements. The main question here is, however, is it worth it for the average person?
What Is A Privacy Policy?
"A privacy policy is a statement or a legal document (privacy law) that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client's data." (source: Wikipedia). I currently wear 7 fitness trackers, each with its own privacy policy:
Why do I do that? Well, for multiple purposes. One is for to able to experiment with data differences between them (yes, don't act surprised — most of the time they will not give the same results). Another is to understand better which are the pros and cons for each of them, on myself. I have reviewed the privacy policies for all of these devices. Let's see what I found out:
The Common Themes I Have Found
The common themes among all the privacy policies are somewhere along the following lines: Your data is owned by them. Surprisingly enough, only BodyMedia actually has the balls to state this up-front (buried somewhere in legalese, of course): "All data collected including, but not limited to, food-logs, weight, body-fat-percentage, sensor-data, time recordings, and physiological data (collectively, the "Data"), are and shall remain the sole and exclusive property of BodyMedia". However, all devices sync their data to the maker's services first, and then to your mobile phone application. This ensures two things:
- They see the data before anyone else does.
- You cannot directly fetch the data from the device without going through them.
Actually, the 2nd point is not entirely accurate. There have been disparate attempts at liberating the data from these devices and accessing it directly, such as libfitbit. However, they are not easy to use as a non-programmer, and for people who are extremely careful about their privacy, this makes the devices a no-no. If forced by a warrant or by business interests (M&A / bankruptcy / trade secrets protection), they will share your data with third parties. This means that effectively, they will not fight that hard if they get a FISA court order to surrender your data, and you get this warning up-front. I think this is honest, because, let's face it, as a business, you can't do much to fight the government's policies, even if you disagree with some of them. They will share aggregated, anonymized data with third parties for market research and research purposes. Note that 5 of 7 even use the word "sell" in sentences related to data sharing. That comes into 2 flavours: either "we do not sell personally identifiable data collected from you" or "ACME Inc. can sell anonymized data to third parties". How in the world could this data be useful to marketers? Read below in the dedicated section to find out. Next, I will highlight some specifics for each vendor's privacy policy that seemed interesting to me.
The Privacy Policies Used By Jawbone UP & Nike & Misfit
Jawbone UP, Nike Fuelband and Misfit Shine were the most disappointing. They have general privacy policies that do not mention wearables data in any specific way. They have all the cookie tracking and "web beacons" (tracking pixels) language, but nothing related to the data itself. I have reached out to all 3 companies on Twitter and will update this article if I receive something of value. Note that even if I did not manage to find the correct Privacy Policy on their website, it's still worrisome that a computer programmer with 8 years of experience cannot do that in a reasonable amount of time. What's even more interesting, is that all three companies have automated ways for developers to pull in your data, with your approval, of course. In programmer parlance, this is what we call an API (Application Programming Interface). So there are people out there developing apps on top of my data, but I cannot easily find how my data is being stored and processed, at least by the device maker. Ouch.
Pebble - A Positive Example
I like Pebble's privacy policy the best. It contains a simple summary at the top, meant to get you a quick overview of the legalese that is to follow. However, reading it I saw no reference to biometric data collected by the Pebble. Yes, Pebble has an accelerometer and there are a bunch of applications using it for fitness and sleep tracking in their store. But the official application only has productivity functions such as notifications. This puts them in the sweet spot of delegating responsibility for the biometrics data to the third party application developers and their own privacy policies.
BodyMedia & Their Privacy Policy
The thing I like about BodyMedia is that they are upfront with their users: "The system uses an armband activity-monitor which records "armband data". You may opt-out of armband-data recording at any time, for any period of time, by not wearing the armband." So either you find a good enough benefit in using our device, so that you are willing to share your data with us, or you don't and we don't really want to waste each other's time. This can also be seen in their pricing strategy, since they are the only ones on the market that charge you ($7 per month, after the first 6 months for free) to see your data in their dashboard. I found that a lot of people (even from the US) disagreed with this, even if it's a very small price. In my opinion, the best use-case for the BodyMedia is weight loss and weight maintenance. And that is how they market themselves on the front page. To me, that is valuable enough that I would share my data with them. It has a major impact in my day to day life. They are also the only one to mention that there might be situations where you will agree to share your data with a third party, for a perk of, say, receiving the device for free. This happens in real life, in some companies that are running corporate wellness programs with these devices.
Basis & Their Privacy Policy
I find it interesting that Basis keep insisting that they do not correlate your biometrics data with who you are, what you are talking about or where you are. I personally find it much creepier for someone to know my sleep patterns than to know where I am. Besides, the cell phone towers, the cell phone company and thus the government already know where I am. So I don't have any issue with that. True story with Basis: when I was getting my US visa, and just entering the embassy in Bucharest for the interview, the guards obviously told me to leave my belongings and electronic devices at the entrance. I was curious if they would let me through with the B1 watch — but then they asked: "Is that thing Bluetooth enabled?". I grinned and took it out.
Fitbit Flex & Their Privacy Policy
Fitbit is the champion in terms of the number of units sold and I paid quite a bit of attention to their privacy policy. What shines about their privacy policy is the enumeration of the interactions with them and what data gets recorded in each case: when you sign up, when you sync your data, etc. I would say that is also due to their extensive penetration in the corporate world and the need to be more transparent with their data policies when making big deals like that.
What About Third Party Apps?
What about them? You cannot really control what they do with your data, since most development shops behind them are a one-man show (or well, a several-person team working in their pajamas :D). Yes, they are responsible for the safeguarding of your data, but probably that will not be the number one priority on their list. That's both a good thing, and a bad thing. It's good because they are focusing on making that data useful to you. You know, the wearables industry has a huge retention problem. According to a Endeavour Partners report from January 2014 ("Inside Wearables: How the Science of Human Behavior Change Offers the Secret to Long-Term Engagement"), at least 50% of people stop using an activity tracker completely after no more than 18 months. And that does not take into account that most people only use them occasionally (for example, only to measure their workouts). It's bad because we are all concerned about who receives our personal information and how safe it is there. To be honest, at this point in time, you would have to go naked to a secluded island and hide in a cave to stop data collection for yourself. It's really really hard, and I'm not sure if the benefit is worth it for the average person. Getting back to the engagement problem: this has prompted the device makers to respond in a very interesting way. Most have shifted towards fashion (the only objects you wear on your body that have no function) and productivity (the new wave of smart watches, all of which have built in notifications). In my opinion, these are just strategies to keep them on your body just a little longer, until they figure out what to really do with your biometrics data. But everyone is ignoring third party apps almost completely in this play. They are essential to the long term retention that the device makers want from us. They are essential for finding insights in the data that are good enough to benefit us. You know, the device maker companies have limited bandwidth and the recent wave of acquisitions has shown that it's not sustainable to do it all. Yet, us, as consumers, are very skeptical of sharing our data with them. I think that at this point, sharing your data is just like sharing your business idea: some people will be afraid to share it, but they don't realise that most other people are not even interested (or don't have the time) to look at it in the first place.
How Could Marketers Use Aggregated Wearables Data?
Above, we mentioned that most of the privacy policies mention aggregated data being sold to marketers in an aggregated form. Are you still wondering how the data might be useful to marketers? Jawbone started to give us the first hints about that in its series of reports on sleep. A few obvious use-cases that I can think of are:
- Use the data to know which demographics need sleeping pills (or related products) more. Then create campaigns for them.
- Use the data to determine when it is more effective for content producers to deliver some relevant piece of content to them. I guess TV show owners never knew if I was really watching their show or just dozing off. Now they still won't know, but at least they will get a pretty good idea from a statistical point of view.
- Find out which demographics are more active, and show them more ads related to sports products (for example, protein shakes).
However, these use-cases clearly need a constant flow of data into the systems of the device makers. And data with gaps and inconsistencies is very hard to process, trust me. But without some good privacy policies that would convince the end-users to trust the device makers more and some strong support for the 3rd party app developers from both sides, I do not see this taking off the ground. And the sad part is that wearables can have a huge impact on your life.
Conclusions
First off, I think the situation of the wearables data is quite tangled at this point. I see concern at all levels, starting from the actual consumers that I interviewed and ending with big companies. However, it will take a while until this gets sorted out, and this is probably the reason for Apple's Health application and underlying government-approved data storage. We can see similar initiatives from other players as well. I think that most device makers are struggling with more pressing issues right now and there is ample evidence for that. Lack of longer term engagement is preventing them from properly monetizing the data they are collecting and thus from having a sustainable business model. What, you thought that the margin from selling the hardware device will be enough to keep them in the business? Maybe, but probably only for the high-end ones such as the MotoX or Apple Watch. My last point is that a lot of consumers are buying them or want to use them because they see them around, being used by friends or coworkers, but they do not really understand their benefit. While this was enough to drive smartphone adoption, that was because the smartphone was also a phone. But these devices have an unprecedented functionality, that nobody is really sure is useful. Failing to see the benefits makes consumers concentrate on privacy instead of functionality. In my opinion, that is a very bad sign for a product. We all know GMail is sharing our data with the government, but the functionality is so good that most of us still see an added benefit to using it.