You are you’re data.
In the early 2000’s consumers who fell behind on their credit card payments never thought that five years later employers would use their credit reports to determine their job worthiness. Some avid social media users must have realized that insurance companies, the IRS, law enforcement, and credit agencies would soon use their their data to investigate fraud, determine creditworthiness, and monitor other potentially illegal activity. They should have as history suggests.
This pattern is repeating itself, with countless consumers today casually sharing highly personal health data through wearable computing hardware, cloud-based quantified self platforms, and even retail loyalty programs without so much as a thought to the potential implications. My argument isn’t one against the quantified self movement. But if history is any guide naive, blind participation without considering the implications of your data being recorded and shared with third parties is reckless.
As we document and share more of where we go, what we do, who we spend time with, what we eat, what we buy, how hard we exert ourselves, and so on, we create more data that companies can and will use to evaluate our worthiness – or lack thereof – for their products, services, and opportunities. For those of us who don’t measure up compared to the rest of the population, the outcome won’t be pretty.
It will also be our own fault. Consumers are signing up to collect and share personal data at an alarming rate via sleep monitors, pedometers and activity trackers, dietary logs, brainwave monitors, grocery and restaurant loyalty cards, credit cards, Foursquare and Facebook check-ins, and photo geotagging, among other means. As insurers, lenders, and others attempt to manage risk, they will inevitably turn alternative data sources to round out the picture of each consumer applicant – in fact, they already are.
According to a sales rep for a midwest data co-location and analytics startup who asked to remain anonymous, regional hospitals, insurers, and grocery retailers are already investigating ways to work together to translate consumer purchase data into health risk profiling insights. Kevin Pledge, CEO of underwriting-technology consultancy Insight Decision Solutions told the Economist last year that he has forgone the use of supermarket loyalty-cards and begun paying cash for his burgers to avoid this very type of profiling. The same article mentions a life-settlements firm declining to purchase an insurance policy based on social media activity that contradicted the supposed poor health of the policy-holder.
These are far from the only example of companies reaching further into our personal data –consumer reports has a rundown of many others – but they should be enough to make us all rethink that package of bacon, those dozen Krispy Kremes, or those Marlboros. One day, the same analysis is likely to be applied to how often we exercise, the length and quality of sleep we get, our eating habits, and possibly even the health of our sex lives.
CVS, for example, has started to require its employees to submit their weight, body fat, glucose levels, and other vitals monthly or pay a fine to cover increased health insurance premiums. If that data was available for the majority of its employees via a quantified self company (or several), CVS and other employers might not even have to ask – and the seemingly fit employee with a secret pound of bacon a day habit may never know why his health insurance premiums are double those of co-workers.
For the last year, State Farm Insurance has been taking a similar approach by offering auto insurance customers discounts for installing real-time monitoring devices into their vehicles coupled with safe driving. Again, if a real-time location smartphone app – or GPS and accelerometer enabled wristband or glasses – is already tracking this data, the insurance carriers might skip the asking, and the discount, and go straight to the database to pass judgment.
One of the most frightening companies in the entire sector is LexisNexis, whose ambition, if I were to paraphrase it, is to have a comprehensive record of every piece of available information on every person in the world – including their current and past residence, spending history, banking information, health information, etc., after scary, etc. And they’re not as far away from this goal as you might think.
Perhaps most troubling was the 2009 merger between VeriChip and Steel Vault (now PositiveID), which combined the first ever human-implantable RFID microchip and the credit-scoring and identity-theft-protection website NationalCreditReport.com. We haven’t heard much from the company since and its website indicates that PositiveID has shifted its focus toward medical applications, but the concept behind the merger remains frightening yet entirely possible.
Many expect the government to protect consumers from this type of potential privacy invasions, but the legislature has demonstrated a pattern of ignoring the ethics of bleeding edge technological issues until the line has been crossed, and then typically bungling things badly on the first few attempts, before, in some cases, arriving at a generally-tenable solution. Peer-to-peer file-sharing, net neutrality, software patents, stem cell research, and the recent SOPA, CIPA debates are all areas where Congress has appeared badly out of step with the world of technology. As such, it’s foolish to leave such matters in the hands of the government.
Really, it all comes down to each individual protecting his own data by virtue of the Terms of Service, Terms of Use, and Privacy Policies that he agrees to with each application. In general, the hardware manufacturers and service providers in the quantified self space seem to have taken a fairly consumer-friendly stance initially (see select highlights below), but it’s not unheard of for company’s privacy policies and terms of use to change – see Instagram. Also, it’s rare to see a pitch from quantified self startup that doesn’t point to data monetization as part of its long term business roadmap. As consumers grow more comfortable with the idea of sharing personal information online, it’s likely these ethical boundaries will be eased.
It’s not only just the first tier company that has the potential to share consumer data, but every dashboard, analytics platform, gamification service, social sharing tool, and other related product that is granted access to the underlying service. Your personal data security is only as strong as the weakest link in your quantified self ecosystem.
It’s easy to come off sounding paranoid, and many would argue that the value received from quantified self devices and services justifies the risk. But it’s not those who consciously make that decision I’m worried about. It’s those who buy a Jawbone Up because it’s sold at the Apple Store then connect it to several Web apps because their trainer recommends them without considering long-term implications. Data is powerful, and just as it has the power to enhance our lives, in the wrong hands it can also harm us.
Photo credit: Memory Beta
Via Pando Daily