The Future

There is a reason apps make it so fun to track your health

Health data is valuable: Your employer wants it, your insurers want it, and you're only too happy to give it away to apps for free.
The Future

There is a reason apps make it so fun to track your health

Health data is valuable: Your employer wants it, your insurers want it, and you're only too happy to give it away to apps for free.

In spring of 2018, I quit my job and started Weight Watchers.

I didn’t go to the meetings — a combination of embarrassment and agoraphobia keeps me mostly at home. But Weight Watchers, recently re-branded as WW, has an app in which users track their meals using “points” as well as track their daily exercise; there’s also a community component, where unfailingly positive and supportive people upload images of their progress or rave about their favorite healthy meal.

And it was, dare I say — fun? Or maybe, at least, satisfying? To enter the meals I’d eaten that day, to see that it was within a healthy range (the app has a lower and an upper limit), and that over the course of the week, I’d gradually increased my consumption of vegetables. In the end, I actually lost about 10 pounds, though it took six months or so and, you know, might also have been because I’d quit a stressful job to focus on the career I wanted and on my own health.

But it came at a price. There’s a reason why these trackers and apps are designed to be so fun, and it’s not just because it’ll make it easier to lose weight or walk more.

Every minute spent hooked up to a health device or app is a moment providing it with some very valuable data. What those companies do with that data varies wildly, but most of them are siphoning it off our wrists and selling it to the highest bidder. As a result, annoying, invasive ads might start popping up on our screens, but the consequences of this data being out there could be considerably more serious.

There are a lot of fitness trackers. Best Buy sells 209 different varieties on its website, with the best-selling being the Fitbit Charge 3 in Black/Graphite for $149. It’s kind of nice-looking, though it’s not as nice as one that is apparently slightly less popular, the Fitbit Charge 3 in Lavender/Rose Gold.

Amanda Rhoades, a journalist based in Portland, Oregon, has owned both an Apple Watch and a number of Fitbits. She prefers the Apple Watch, telling me that it is “by far a superior product.” She likes that it tracks her heart rate, and that through a connection to her phone, it can alert her when she’s in a “danger zone. This is important to those of us on meds that need to keep an eye on how their heart rate is impacted,” she said. It also reminds her to breathe throughout the day, which helps with any anxiety she might be feeling.

The Fitbit, she said, broke frequently, but when it wasn’t broken, it was much more compelling and fun, and a better candidate for those seeking weight loss and increased activity. “You add friends and cheer each other on through the day, compete in different challenges, compare your stats to others,” she told me. “I do miss a lot about Fitbit.”

When I asked people about privacy, most acknowledged that they think the risk to their data privacy is worth it.

“Before I sign up to put my information into anything like this I ask myself if what I’m getting out of this is worth it,” Amanda said. “ If there’s a tool that helps me keep [my health] in check, then I’m willing to take that risk.”

But is it worth it? The amount of data these devices and apps collects is huge, and it’s incredibly valuable: a 2014 report claimed that health data is worth 10 times that of other personal data.

And if there’s a security breach at Fitbit or Jawbone or whatever: well. Even if a company promises it will never sell data, they can’t promise it won’t be sold if it’s stolen first, which does happen: MyFitnessPal was hacked in 2018. Although stolen data paths are difficult to follow, it could theoretically make its way online, which brokers scour to compile user profiles that they then sell to advertisers; brokers potentially could even purchase this data directly from thieves, according to a 2013 paper from the University of Colorado Law School. A user whose data was snatched up by a data broker might start seeing ads for weight loss supplements, or if they’re using a period-tracker app, they might start seeing ads for egg-freezing, IVF treatments, or baby clothes.

More concerningly, data brokers break data sets into specific categories, so someone who’s a few pounds overweight, or anxiety makes their heart race, or they ate like shit this past month — all these factors could get them sorted into a high-risk category they might pay the price for later, in the form of higher insurance premiums or even outright discrimination.

With enough triangulation between other data sets, it’s not hard for brokers to make a relatively educated guess as to which data set belongs to each person.

Many people and brands wave off these concerns, saying that it’s aggregate, anonymous data that advertisers get access to. But most aggregate data sets are assigned identification numbers. With enough triangulation between other data sets, it’s not hard for brokers to make a relatively educated guess as to which data set belongs to each person.

HIPAA, the Health Insurance Portability and Accountability Act of 1996, exists to protect health care information and keep it private. But it wasn’t written to account for most consumer devices, like Fitbits or Apple Watches, which, while they offer health and wellness benefits, typically aren’t covered by HIPAA. A 2016 Health And Human Services Report stated that people who give their data to devices or apps not regulated by HIPAA, “likely will not enjoy the same protections against unwanted marketing unless the data collector has promised in its terms of use not to use data for marketing and does not change its terms of use.”

“For the most part I would say these healthcare apps do not have privacy protections,” Tiffany Schoenike, the chief operation officerof the National Cyber Security Alliance, told me. “That’s why it's so critical for individuals to at least take a look at a privacy policy, which are awful and horrible to read.”

Natasha Duarte, a policy analyst at the Center for Democracy & Technology, agrees about the little privacy protections afforded to consumers. “Companies generally have only been required to provide notice of their data practices and get consent. That doesn't really protect consumers from unexpected, privacy invasion, and potentially discriminatory uses of their health data,” she said.

According to Jason Chung, a senior research scholar at New York University School of Professional Studies Sports and Society, this lack of legislative protection is frustrating consumers. “Governments everywhere should be doing more to reassure people they have a plan,” he said. “But quite frankly I don't see it." Florida Sen. Marco Rubio, of all people, recently proposed a new, federal privacy bill that would overrule the hodgepodge of state privacy laws currently in place. There are other data privacy propositions in the ether, as well, though right now they’re all in the early stages.

Schoenike emphasized to The Outline that there are a lot of benefits to these technologies, and that she uses a Fitbit, too. But, she said, it’s important to read through the privacy policy of the product and look for a few key sections: what information is collected, what information is shared, and how it’s being used.

In a statement, Apple told me that all HealthKit data is encrypted; it also forbids third party apps from disclosing data for data mining or advertising purposes. Fitbit also told me it doesn’t sell user data, although data collected and passed along to corporate wellness programs is typically subject to the program’s privacy policy, which may differ from Fitbit’s.

These devices are brilliantly designed; they really do make tracking your health and staying on target fun and engaging. Nicholas Deleon, a writer based in New York, told me that he lost 30 pounds last year, partly because of his Apple Watch. He started riding his bike to a new job, he said, and realized that, according to his Watch, he wasn’t burning nearly enough calories during the bike ride to lose the weight he wanted to lose. “So the Apple Watch basically crystallized (to me) that cardio can only get you so far, and that diet is probably the most important thing,” he said.

Angela Lashbrook is a contributing writer at The Outline.