Data collected from fitness trackers worn by employees could be very useful for businesses. The sharing of this data with employers is already a well-established practice in the United States, and companies in Europe are showing an interest in the introduction of such devices among their workforces. Our argument is that employers processing their employees’ fitness trackers data is unlikely to be lawful under the General Data Protection Regulation (GDPR). Wearable fitness trackers, such as Fitbit and AppleWatch devices, collate intimate data about the wearer’s location, sleep and heart rate. As a result, we consider that they not only represent a novel threat to the privacy and autonomy of the wearer, but that the data gathered constitutes ‘health data’ regulated by Article 9. Processing health data, including, in our view, fitness tracking data, is prohibited unless one of the specified conditions in the GDPR applies. After examining a number of legitimate bases which employers can rely on, we conclude that the data processing practices considered do not comply with the principle of lawfulness that is central to the GDPR regime. We suggest alternative schema by which wearable fitness trackers could be integrated into an organization to support healthy habits amongst employees, but in a manner that respects the data privacy of the individual wearer.
MULTIFILE
In this project we take a look at the laws and regulations surrounding data collection using sensors in assistive technology and the literature on concerns of people about this technology. We also look into the Smart Teddy device and how it operates. An analysis required by the General Data Protection Regulation (GDPR) [5] will reveal the risks in terms of privacy and security in this project and how to mitigate them. https://nl.linkedin.com/in/haniers
MULTIFILE
A huge amount of data are being generated, collected, analysed and distributed in a fast pace in our daily life. This data growth requires efficient techniques for analysing and processing high volumes of data, for which preserving privacy effectively is a crucial challenge and even a key necessity, considering the recently coming into effect privacy laws (e.g., the EU General Data Protection Regulation-GDPR). Companies and organisations in their real-world applications need scalable and usable privacy preserving techniques to support them in protecting personal data. This research focuses on efficient and usable privacy preserving techniques in data processing. The research will be conducted in different directions: - Exploring state of the art techniques. - Designing and applying experiments on existing tool-sets. - Evaluating the results of the experiments based on the real-life case studies. - Improving the techniques and/or the tool to meet the requirements of the companies. The proposal will provide results for: - Education: like offering courses, lectures, students projects, solutions for privacy preservation challenges within the educational institutes. - Companies: like providing tool evaluation insights based on case studies and giving proposals for enhancing current challenges. - Research centre (i.e., Creating 010): like expanding its expertise on privacy protection technologies and publishing technical reports and papers. This research will be sustained by pursuing following up projects actively.
