Privacy Challenges in the Quantified Self Movement – An EU Perspective

Open access

Abstract

The gathering of data about oneself (such as running speed, pulse, breathing rate, food consumption, etc.) is rapidly becoming more popular, and has led to the catch phrase “Quantified Self” (QS). While this trend creates opportunities both for individuals and for society, it also creates risks, due to the data’s personal and often sensitive nature. Countering these risks, while keeping the benefits of QS services, is a task both for the legal system and for the technical community. However, it should also take users’ expectations into account. We therefore analyze the legal situation of QS services based on European law and the privacy policies of some major service providers to clarify the practical consequences for users. We present the result of a study concerning the users’ views on privacy, revealing a conflict between the user’s expectations and the providers’ practices. To help resolve the conflict, we discuss how existing and future privacy-enhancing technologies can avoid the risks associated with QS services.


