Should Your Employer Have Access to Your Fitbit Data?

A woman using a wearable device to track her fitness activities.

(© olegbreslavtsev/Fotolia)

The modern world today has become more dependent on technology than ever. We want to achieve maximal tasks with minimal human effort. And increasingly, we want our technology to go wherever we go.

Wearable devices operate by collecting massive amounts of personal information on unsuspecting users.

At work, we are leveraging the immense computing power of tablet computers. To supplement social interaction, we have turned to smartphones and social media. Lately, another novel and exciting technology is on the rise: wearable devices that track our personal data, like the FitBit and the Apple Watch. The interest and demand for these devices is soaring. CCS Insight, an organization that studies developments in digital markets, has reported that the market for wearables will be worth $25 billion by next year. By 2020, it is estimated that a staggering 411 million smart wearable devices will be sold.

Although wearables include smartwatches, fitness bands, and VR/AR headsets, devices that monitor and track health data are gaining most of the traction. Apple has announced the release of Apple Health Records, a new feature for their iOS operating system that will allow users to view and store medical records on their smart devices. Hospitals such as NYU Langone have started to use this feature on Apple Watch to send push notifications to ER doctors for vital lab results, so that they can review and respond immediately. Previously, Google partnered with Novartis to develop smart contact lens that can monitor blood glucose levels in diabetic patients, although the idea has been in limbo.

As these examples illustrate, these wearable devices present unique opportunities to address some of the most intractable problems in modern healthcare. At the same time, these devices operate by collecting massive personal information on unsuspecting users and pose unique ethical challenges regarding informed consent, user privacy, and health data security. If there is a lesson from the recent Facebook debacle, it is that big data applications, even those using anonymized data, are not immune from malicious third-party data-miners.

On consent: do users of wearable devices really know what they are getting into? There is very little evidence to support the claim that consent obtained on signing up can be considered 'informed.' A few months ago, researchers from Australia published an interesting study that surveyed users of wearable devices that monitor and track health data. The survey reported that users were "highly concerned" regarding issues of privacy and considered informed consent "very important" when asked about data sharing with third parties (for advertising or data analysis).

However, users were not aware of how privacy and informed consent were related. In essence, while they seemed to understand the abstract importance of privacy, they were unaware that clicking on the "I agree" dialog box entailed giving up control of their personal health information. This is not surprising, given that most user agreements for online applications or wearable devices are often in lengthy legalese.

Companies could theoretically use their employees' data to motivate desired behavior, throwing a modern wrench into the concept of work/life balance.

Privacy of health data is another unexamined ethical question. Although wearable devices have traditionally been used for promotion of healthy lifestyles (through fitness tracking) and ease of use (such as the call and message features on Apple Watch), increasing interest is coming from corporations. Tractica, a market research firm that studies trends in wearable devices, reports that corporate consumers will account for 17 percent of the market share in wearable devices by 2020 (current market share stands at 1 percent). This is because wearable devices, loaded with several sensors, provide unique insights to track workers' physical activity, stress levels, sleep, and health information. Companies could theoretically use this information to motivate desired behavior, throwing a modern wrench into the concept of work/life balance.

Since paying for employees' healthcare tends to be one of the largest expenses for employers, using wearable devices is seen as something that can boost the bottom line, while enhancing productivity. Even if one considers it reasonable to devise policies that promote productivity, we have yet to determine ethical frameworks that can prevent discrimination against those who may not be able-bodied, and to determine how much control employers ought to exert over the lifestyle of employees.

To be clear, wearable smart devices can address unique challenges in healthcare and elsewhere, but the focus needs to shift toward the user's needs. Data collection practices should also reflect this shift.

Privacy needs to be incorporated by design and not as an afterthought. If we were to read privacy policies properly, it could take some 180 to 300 hours per year per person. This needs to change. Privacy and consent policies ought to be in clear, simple language. If using your device means ultimately sharing your data with doctors, food manufacturers, insurers, companies, dating apps, or whoever might want access to it, then you should know that loud and clear.

The recent implementation of European Union's General Data Protection Regulation (GDPR) is also a move in the right direction. These protections include firm guidelines for consent, and an ability to withdraw consent; a right to access data, and to know what is being done with user's collected data; inherent privacy protections; notifications of security breach; and, strict penalties for companies that do not comply. For wearable devices in healthcare, collaborations with frontline providers would also reveal which areas can benefit from integrating wearable technology for maximum clinical benefit.

In our pursuit of advancement, we must not erode fundamental rights to privacy and security, and not infringe on the rights of the vulnerable and marginalized.

If current trends are any indication, wearable devices will play a central role in our future lives. In fact, the next generation of wearables will be implanted under our skin. This future is already visible when looking at the worrying rise in biohacking – or grinding, or cybernetic enhancement – where people attempt to enhance the physical capabilities of their bodies with do-it-yourself cybernetic devices (using hacker ethics to justify the practice).

Already, a company in Wisconsin called Three Square Market has become the first U.S. employer to provide rice-grained-sized radio-frequency identification (RFID) chips implanted under the skin between the thumb and forefinger of their employees. The company stated that these RFID chips (also available as wearable rings or bracelets) can be used to login to computers, open doors, or use the copy machines.

Humans have always used technology to push the boundaries of what we can do. But in our pursuit of advancement, we must not erode fundamental rights to privacy and security, and not infringe on the rights of the vulnerable and marginalized. The rise of powerful wearables will also necessitate a global discussion on moral questions such as: what are the boundaries for artificially enhancing the human body, and is hacking our bodies ethically acceptable? We should think long and hard before we answer.

Junaid Nabi
Junaid Nabi, MD, MPH, is a physician, public health researcher, and a medical journalist. He currently manages several research projects at Brigham Health that include investigating provider- and hospital-level factors associated with racial and ethnic disparities in surgical oncology; evaluating the fiscal impact of consolidating care of complex patients; and, examining systematic factors that lead to opioid over-prescribing patterns after surgery. He has also undertaken research that examined the effect of health disparities that arise from social and political disenfranchisement and the relationship between trauma care and post-traumatic stress disorder (PTSD). Previously, he was a Fellow in Bioethics at Harvard Medical School Center for Bioethics where he studied bioethical issues in global healthcare delivery; role of bioethicists in Artificial Intelligence, Machine Learning, and other evolving technologies; and, emotional intelligence in bioethical analysis. He is a New Voices Fellow at The Aspen Institute, Washington, D.C., and a Fellow at Harvard Graduate School Leadership Institute, Boston.
Get our top stories twice a month
Follow us on

Elaine Kamil had just returned home after a few days of business meetings in 2013 when she started having chest pains. At first Kamil, then 66, wasn't worried—she had had some chest pain before and recently went to a cardiologist to do a stress test, which was normal.

"I can't be having a heart attack because I just got checked," she thought, attributing the discomfort to stress and high demands of her job. A pediatric nephrologist at Cedars-Sinai Hospital in Los Angeles, she takes care of critically ill children who are on dialysis or are kidney transplant patients. Supporting families through difficult times and answering calls at odd hours is part of her daily routine, and often leaves her exhausted.

Keep Reading Keep Reading
Lina Zeldovich
Lina Zeldovich has written about science, medicine and technology for Scientific American, Reader’s Digest, Mosaic Science and other publications. She’s an alumna of Columbia University School of Journalism and the author of the upcoming book, The Other Dark Matter: The Science and Business of Turning Waste into Wealth, from Chicago University Press. You can find her on and @linazeldovich.
Adobe Stock: bakhtiarzein

A highly contagious form of the coronavirus known as the Delta variant is spreading rapidly and becoming increasingly prevalent around the world. First identified in India in December, Delta has now been identified in 111 countries.

In the United States, the variant now accounts for 83% of sequenced COVID-19 cases, said Rochelle Walensky, director of the Centers for Disease Control and Prevention, at a July 20 Senate hearing. In May, Delta was responsible for just 3% of U.S. cases. The World Health Organization projects that Delta will become the dominant variant globally over the coming months.

Keep Reading Keep Reading
Emily Mullin
Emily Mullin is the acting editor of Most recently, she was a staff writer covering biotechnology at OneZero, Medium's tech and science publication. Before that, she was the associate editor for biomedicine at MIT Technology Review. Her stories have also appeared in The Washington Post, New York Times, Wall Street Journal, Scientific American, National Geographic and Smithsonian Magazine.