Connected health devices violate users privacy
28. september, 2017
The health devices that were tested are intended to simplify and improve everyday life for people. However, several app-connected blood pressure gauges and blood glucose-monitoring devices fall short of properly protecting the privacy and consumer rights of users, according to the Norwegian Consumer Council.
The Norwegian Consumer Council encourage users to think twice about connecting health devices, which collect sensitive personal information, to the internet.
– Although the features of these services can be useful to people, it is unacceptable that some apps contribute to users losing control their own health data, says Anne Kristin Vie, Director of Public Services and Health at the Norwegian Consumer Council.
They have investigated the consumer and privacy-related aspects of four blood pressure gauges and three blood glucose-monitoring devices used together with smartphone apps. The consultancy company Bouvet has carried out the technical part of the test on behalf of the Norwegian Consumer Council.
– Unfortunately, users often have to waive basic consumer rights in order to use the apps that are used with the devices, says Vie.
Weak security practices
The apps provided with the devices contribute to enhanced functionality such as measurement history, visualization of results and other additional features, including the ability to report results electronically to your doctor. However, several of them fall short in terms of privacy and security, and give unsatisfactory information about user rights.
Some of the apps send potentially sensitive information to companies in East Asia and North America, without the users being properly informed about this. The Consumer Council believes that the standards of security for internet-connected healthcare products are often too low.
– It is not okay that, by using health-monitoring devices, you risk your health information being sold to, for example, insurance companies or other unauthorized entities. This is information that is commercially attractive for many actors, says Vie.
– The health tech industry must make sure that terms and practices do not violate users’ privacy and basic consumer protection. The users should not have to fear that their information could be used for harmful, direct marketing or price discrimination, Vie says.
Lack of secure ways to share health data
The Norwegian Consumer Council also encourages people to avoid e-mailing the health information registered by the devices to others, including your own doctor. Many of the apps that were tested directly encourage users to share their health data, either through e-mail or social media.
– E-mail is not a sufficiently secure channel to send data about your own health, Vie says.
At the same time, she points out that devices intended for home testing can be both accurate and user-friendly.
– This kind of technology has proved to be useful for people, and is readily available in stores, in pharmacies and online. Nevertheless, people need secure ways to share the information that the devices collect with, for example, their doctor, Vie says.
These are the tested products
* Terms are not included with this product and have therefore not been tested.
Anne Kristin Vie, Director of Public Services and Health at the Norwegian Consumer Council.
Phone: (+47) 995 68 816
Press photo: Anne Kristin Vie
Ten requirements for the industry
Do you represent the health tech industry and want satisfied users and increased trust? Read our 10 consumer demands to digital services.