Fitness Tracking Startups Are Sweating Due to EU Privacy Regulators

Startups hoping to sell health tracking devices and software to corporate customers are worried European regulators will torpedo their business model, according to Bloomberg.

Employers should be banned from issuing workers with wearable fitness monitors, such as Fitbit, or other health tracking devices, even with the employees’ permission, a European Union advisory panel said in June. Employers should also be barred from accessing data from their devices their employees wear, even if it is only aggregate data for the entire workforce or anonymous data, the EU body said.

Since the ruling, concern has grown among both small startups and more established players who sell wearable devices and software to businesses, often on the prospect of improved employee health and lower medical insurance premiums.

According to Fitbit, employees should be informed of how their data will be used, who would have access to it, and be given the choice of opting out of any data sharing without adverse consequences, the company said. But the EU advisory body said in its opinion that such transparency was probably insufficient.

“Given the unequal relationship between employers and employees,“ the body said, workers were probably never able to give legally valid consent to have their data shared. “Even if the employer uses a third party to collect the health data, which would only provide aggregated information about general health developments to the employer, the processing would still be unlawful.“

The EU’s privacy rules are set to become somewhat more streamlined from May 2018, when the new General Data Protection Regulation goes into effect. The new regulation says that when considering any employee tracking, businesses should select “the most data privacy friendly solutions“ available. It also requires the business to carry out impact assessments before implementing technology or procedures that pose a high risk to individual privacy rights.

Not everyone disagrees with the European regulators’ conclusion. David Plans, CEO of BioBeats, a London-based company that uses wearable sensors and a mobile app to help employees better manage stress, said he welcomed it. He said BioBeats had encountered potential customers who wanted to access the data BioBeats collects and that the company had always resisted on privacy grounds. The EU opinion would mean BioBeats would not be at a disadvantage compared to competitors who were more willing to share data with employers.