This publication seeks to add protections to data from consumer wearables and wellness apps that may not be covered by specific sector legislation and to add specific guidance in areas where general privacy statutes are applicable.
It seeks to build upon existing legal expectations by providing organizations with practical guidance that can be further tailored to meet local requirements. It should be noted that this document is not intended to describe every privacy practice applicable to wearable devices or related apps or services; rather, it attempts to provide guidance specific to the collection and use of consumer-generated wellness data. Apps and devices that capture other personally identifiable information should look to existing best practices and guidance documents, such as the FTC report titled Internet of Things: Privacy & Security in a Connected World, the Article 29 Working Party Opinion on the Recent Developments on the Internet of Things, or the FPF-CDT Best Practices for Mobile Application Developers.
The principles set out in this document set a baseline of responsible practices intended to support a targeted FIPPs-based trust framework for the collection and use of consumer-generated wellness data. We have described these as best practices in order to recognize that, in a number of places, they set limits or extend protections that go beyond current law. For example, this code sets limits on the transfer of data to data brokers and information resellers, even with express consumer consent. By building on best practices that support consumer trust, as well as developing responsible guidelines for appropriate research and other secondary uses of consumer-generated wellness data, we hope to ensure continued innovation and consumer trust within the wearables ecosystem.