All the Scary Ways Health Apps are Using Your Data

By Melkorka Licea.


New York Post (November 11, 2019, 6:53 PM EDT) — Is fitness tech counting steps — or overstepping?

Last week, Twitter users flew into a panic after learning that Google is acquiring Fitbit, the trendy fitness-tracking watch, for $2.1 billion. The freakout centered on user data — specifically, Fitbit users’ concerns that their exercise, food, weight and sleep data would become less secure. Although Fitbit said in a press release that it will “never sell” personal information, and promised that “Fitbit health and wellness data will not be used for Google ads,” users are skeptical.

And they may have reason to be concerned, according to NYC lawyer Gary Schober.

“Once you sign onto an app … you’re often just giving everything away,” the cybersecurity specialist tells The Post.

He would know: Part of his job is writing those long, barely skimmed privacy agreements for apps.

“Companies can collect whatever info they want and can use the info any way they want as long as they tell people,” says the attorney, who says he’s drafted “a bunch of … very favorable policies for my clients, because it’s not very likely anyone will read it, anyways.”

So, what happens once your health data — anything from your step count to your diet — are shared or sold to a company? Most often, it’s nothing too scary, says Schober: Typically, advertisers use health data to better target their ads with “no sinister intent.”

But that doesn’t mean things can’t get sinister.

For instance, if outside parties — such as insurance companies and prospective employers — get a hold of your health data, the ramifications could extend to big insurance premiums and even missed career opportunities.

Plus, there’s precedent for Google getting into hot water over sensitive health info: In 2017, the University of Chicago Medical Center teamed up with the search-engine giant, with the goal of sharing anonymous patient data so techies could analyze it and see if they could improve diagnostics with that information. But in June, both Google and the medical center were sued for not properly anonymizing hundreds of thousands of patient records. (Spokespersons from Google and the University of Chicago told the New York Times that they followed medical privacy guidelines.)

It’s important to note that not all health gadgets and apps are built the same. For example, doctor login portals — which your doc may ask you to download and use to schedule appointments and share test results — are protected by HIPAA (Health Insurance Portability and Accountability Act).

But if your doctor didn’t sign off on your tech, assume that your user data is fair game, says Schober.

Here, he and fellow experts break down the potential pitfalls of uploading your health information to your phone — and share their best advice on how to keep your private info private without going full tinfoil-hat.


Movement and step tracking

Apps that log the distance, pace and time of aerobic exercise are so popular that iPhones started offering a pedometer feature with iOS 8. It tracks your steps — without you ever asking it to.

But from a data perspective, you could stroll right into trouble if you have a sedentary spell, leave your phone at home or go off the grid.

“Let’s say suddenly you’re not using [your phone] as much and your average pace per mile goes down significantly,” says David O. Klein, an NYC data privacy lawyer. “It’s possible that an entity could discern that you have a health condition.”

That information could in turn be used by health insurance companies to determine you have a “risk factor” and offer you a higher rate, he says.

“Even if it’s not true, it could still influence their decision.”

Women’s health

Women want to know when it’s that time of the month, and thanks to numerous apps, the visit doesn’t have to be a surprise. But if your cycle “changes significantly,” says Klein, it could suggest to the health apps — and anyone else who has your info — that you’re pregnant, whether it’s true or not.

Jeffrey Neuburger, an NYC tech lawyer, says that information could have scary practical effects if it gets into the wrong hands — say, a hiring manager’s.

“A prospective employer might not want to hire someone who will be out on maternity leave,” Neuburger says.

There are also mental-health consequences to consider, particularly around fertility issues. For example, if period-tracking data tips companies off to a woman’s fertility struggles, that would allow “IVF companies, for example, to target women,” says Neuburger, possibly stressing out women struggling to conceive.

Or pregnancy-tracking apps can miss the memo during a miscarriage, as Washington Post writer Gillian Brockell called attention to last December. Brockell described “brokenheartedly” receiving early-motherhood ads after learning that her baby would be stillborn. Other women have spoken out about similarly upsetting experiences.

Food and diet

Have a cheat day coming up? It could come back to bite you if you log it into your food tracker — or even if you order a caloric feast via a delivery app.

“If my whole diet consists of nothing but pasta and bread, life insurance companies aren’t going to be happy about that, because it’s likely to reduce life expectancy,” says Schober.

It might sound far-fetched, but insurance companies are clearly paying attention to our diets: One, John Hancock, offers incentives and benefits to policyholders for buying more fruits and vegetables and whole grains as part of a “vitality” program. So what’s to stop companies from doing the reverse?

Then, there’s the direct threat to your health — via temptation, as advertisers pinpoint your junk-food weak spots.

Schober says, “If I show a propensity for eating a lot of pasta, that information can be used to tell me there’s a nice little Italian restaurant on Second Avenue I might want to go try.”

Heart monitor

Feeling anxious? Hitting a hard workout? Chugging coffee? You might want to switch off your heart-tracking app.

“Say your heart rate spikes beyond a certain level … it could indicate a heart condition,” says Klein. That doesn’t mean you have one: “It could be completely coincidental, but some of these algorithms are unbelievable now.”

Passing out your heart-health stats can have alarming outcomes. Not only could it raise your insurance premiums if the companies find out, but info on your heart health could also “be factored into real-estate decisions, like whether someone wants to lease you a place, or give you a loan,” says Neuburger.

That said, if you have reasons to be concerned about your ticker, the pros of tracking your heartbeat could still outweigh the cons. But if heart health and privacy are of equal concern, go low-tech: The American Heart Association suggests buying a bicep blood-pressure monitor (starting at about $25 on Amazon) and using a heart chart (online, on sites like to read your stats.

Lock down your health!

NYC lawyer Gary Schober explains how to keep your sensitive health data private.

Agree to disagree: When you download a health app — or any app — don’t just mindlessly swipe through all the agreements. Keep a sharp eye out for options to “disagree” or “opt out” from selling your data to, or sharing it with, external parties.

Stop the ad-ness: If targeted ads on social media give you the creeps, change your smartphone’s settings. iOS phones have an option to “limit ad tracking” to opt out of receiving targeted ads. Start by going to “settings,” scroll down to “privacy” and click on “advertising.” Once there, switch the “limit ad tracking” dial to the right, turning it green. For an Android, go to “settings” and scroll down to “privacy.” Choose “ads,” find where it says “opt out of ad personalization” and toggle the dial to the right so it turns blue.

Go off the grid: In order to limit location tracking — which can track the distance and locations of your workouts — change your location setting to “while using” or “ask” for iPhone apps, and to “only in use” or “denied” for Android apps.

