Charles Schumer, the U.S. Senator from New York, wants fitness device and app companies to provide an opportunity for users to opt-out before personal health data can be provided to third parties such as employers and insurance companies.
Schumer made the opt-out request to the Federal Trade Commission (FTC) in a press release on Sunday. He says there are no federal laws to prevent fitness device and app companies—Schumer singled out Fitbit—to sell the data to a third party without a user's consent.
"Personal fitness bracelets and the data they collect on your health, sleep, and location should be just that—personal," Schumer said in a statement. "The fact that private health data—rich enough to identify the user's gait—is being gathered by applications like Fitbit and can then be sold to third parties without the user's consent is a true privacy nightmare."
Schumer added the FTC should require fitness device and app companies to adopt new privacy measures that will help conceal the identity of individuals and develop policies to protect consumer information in the event of a security breach.
Schumer did praise the app Polar Flow, made by Polar (whose U.S. headquarters are in Schumer's home state—Lake Success, NY). Polar, according to Schumer, makes it clear in its terms and conditions that it will never sell personal data for advertising purposes.
In September 2013, the FDA addressed privacy issues when it released guidelines on mobile medical applications. Schumer says there is a loophole in those guidelines because they apply only to apps that are promoted for medical purposes, such as the diagnosis, cure, treatment or prevention of a disease. Without a privacy policy or protection from HIPAA, users' health information obtained via mobile medical apps could be sold to insurers, mortgage lenders, or employers, Schumer says.