Australia’s aging and ill-equipped privacy law and its slow review increase the risk of sensitive personal data generated by a smartwatch being misused by commercial interests. Without the protection of strict privacy rules comparable to the European Union’s General Data Protection Regulation or even the recently updated privacy law in New Zealand, the privacy issues posed by the use of data personnel by companies will probably not be resolved.
Whether it’s a mobile phone app tied to your car that monitors your driving efficiency or a health insurance wellness app tied to your smartwatch, increasing the collection of data and a possible move towards the aggregation of this data is happening rapidly.
Yet the privacy risks that come with the flow of data from wearable technology to insurers don’t get much media attention; nor is the question of whether consumers who download apps or link devices to insurers are able to offer informed consent.
However, regulators and researchers seem aware of the privacy risks posed by this type of data flow. The Australian Competition & Consumer Commission (ACCC), which seems increasingly sensitive to privacy concerns, has sounded the alarm over the prospect that Big Tech is trying to monetize health and health datasets. physical form collected and compiled via smart devices.
In late 2019, days after Google announced its $2.1 billion ($3 billion) global acquisition of smartwatch maker Fitbit, then-ACCC chairman Rod Sims said any assurances offered by Google regarding not selling Fitbit data was essentially worthless. The global agreement was reached in January, even though the ACCC was conducting an investigation into the application of the agreement. This investigation, which takes into account both competition and consumer considerations, is ongoing.
Discounts for exercise
Australian insurers AIA and NIB as well as airlines like Qantas run wellness apps that offer rewards to users in different forms. Health and life insurer AIA describes its AIA Vitality app as “a personalized, science-backed health and wellness program that […] encourages you to move more, eat well and get regular check-ups.”
The app, available to people with AIA Health and AIA Life Insurance policies, is linked to a compatible smart device. Users progress through a rewards program, potentially qualifying for a 20% discount on their premium.
Bypassing regulatory constraints, these rewards are crucial. Australian health insurers are governed by a community rating system – meaning that regardless of health status, age, gender or any other factor, individuals will be charged the same premium as all other living members. in their condition.
They may, however, offer a discount if they know you are exercising more or eating well. But the regulatory framework means that the opposite behavior – someone moves less and eats poorly – cannot lead to policy increases or even the denial of a policy.
In response to our written questions, NIB’s managing director for Australian Resident Health Insurance, Ed Close, pointed out that the insurer’s app was offered “at no additional cost” to users.
“When a NIB member uses our ‘Well with NIB’ app, we may collect personal information to send communications to our members containing personalized health information, products and services,” Close said.
“We may also use a member’s personal information to identify areas in which they may benefit from one of our health management programs,” he said, adding that it was up to the member to decide if they wanted to participate. Additionally, members can request that their personal information be erased from the app if they choose to stop using it, NIB said.
The insurer insisted that this information was not used to set the price of a product, but simply to personalize offers for customers.
However, the line between pricing and personalization is blurred when a policy tailored to one’s lifestyle brings with it the benefit of a future discount. While these discounts benefit the consumer, they link health data to pricing. After all, a discount equals a price change.
“We have no way of knowing how insurance pricing works because the companies keep it completely secret.”
Sofia Bednarz, University of Sydney
The data generated by wearable devices offers insurers a big advantage. Not only can they get to know their customers better, but they can also refine the algorithms to profile people in more detail. How these profiles will be used in the future is unclear.
Industry observers agree that Australian insurers are already competing to find the cheapest customers, meaning policyholders least likely to fall ill and cost insurers dearly. Wearable technology is accelerating this race, giving those with the most data a competitive edge.
Katharine Kemp, lecturer in law at the University of New South Wales, explains that there is “the potential for insurers to discriminate and even exclude [based on] health indicators or activity levels they pick up from the device. »
And longer term, Kemp says, a company could apply data to artificial intelligence and make “inferences and predictions about future consumer health; possibilities and probabilities that the consumer himself could be unaware of [that] could be used against the consumer.
“Some discrimination or exclusions will be difficult to discover because the company will use targeted advertising, and it may simply choose not to show its online advertisements and offers to ‘undesirable’ consumers,” Kemp said. “If you move on to this intense surveillance and scrutiny and pervasive data collection, you’re heading into cherry picking and discrimination,” she added.
With opaque privacy agreements and statements, any consent given by a consumer to hand over data generated by a smartwatch is likely ill-advised, she said.
“It’s utterly misleading to say that consumers consent to something when they don’t understand it and that you have to consent to a bunch of vague additional purposes when you only want to agree to what is necessary to buy the product,” says Kemp.
According to a study published this month, the question of personal data transmitted from the insured to the insurer goes beyond wearable watches and the insurance industries.
Zofia Bednarz, a lecturer in commercial law at the University of Sydney, looked at data collection as part of a larger research project focusing on insurance law and anti-discrimination. In an interview, Bednarz pointed to loyalty programs run by companies that also offer insurance products, such as Qantas and supermarket owner Coles. Both companies offer loyalty programs as well as products such as home, health and pet insurance.
Bednarz analyzed the privacy policies in place about a year ago and said their wording meant companies could change and exchange data between loyalty programs and insurance products. “We have no way of knowing how insurance pricing works because the companies keep it completely secret,” she said.
What is clear is that insurers show no signs of slowing down in their search for data, and regulatory ambiguity underscores the urgency of updating Australia’s Privacy Act 1988. Progress on the review has been slow – which Australian Privacy Foundation Chairman David Vaile said has left insurance companies’ use of data both a ticking time bomb and “a honey pot”.
“It’s so rich and appealing that even though it’s not abused right now, it attracts ostensibly straight operators and scammers. [alike]”Vaile said.
Laurel Henning reports on regulatory affairs for MLex from LexisNexis.
The Business Briefing newsletter features top stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.