Being able to track how often you move, how well you sleep and a host of other personal health and fitness metrics through wearable technology has become wildly popular and only continues to grow. Industry analysts expect the number of wearable devices like Fitbit to double by the year 2021.
But as fans of Black Mirror know, technology can have a dark side. That became especially evident when news broke this week that fitness tracking app Strava revealed the location of sensitive military sites—because the service is popular with American soldiers. (Strava publishes a Global Heat Map indicating the locations and movements of its users—which also happened to illuminate military bases in Iraq and Syria.) And a recent report from the Center for Digital Democracy found that Americans "face a growing loss of their most sensitive information" through health wearable devices.
The news has raised concerns about how wearable technology and tracking apps secure users' sensitive data and what consumers can do to protect themselves. Information collected by such services can include personal health metrics like heart rate and steps taken, but also user locations, calendar information, and contacts in your smartphone.
Experts say that privacy safeguards in some of these apps and devices need to be improved by their manufacturers—but in the meantime, there are also steps users can take to ensure their own privacy.
"The onus should be on companies, organizations, and governments to do a whole lot better in evaluating privacy concerns and safeguarding data," says Joe Jerome, an attorney on the privacy and data team at the Center for Democracy & Technology, a digital civil rights advocacy organization.
But until that happens, says Jerome, consumers have to do what they can to protect themselves. "There is an obligation on users to see what type of information is out there on themselves," he says. "You have to be proactive. It's unfair to users, but it's the world we live in."
Take these steps to protect yourself:
1. Check the Default Settings on an App or Device
When you get a new fitness tracking device, it's tempting to blow through the setup process so you can get started using it right away. But accepting the default privacy settings can be dangerous.
"You should assume that the default settings on an app or device are not there to protect you—they're there to maximize data collection for the company," says Jerome.
If you've already set up your device, take some time to go back and check whether the service is collecting and sharing your stats and locations. While all devices and service are different, start by checking the "Settings" section. Look for options like "privacy controls."
In some cases, fitness tracking services double as social networks, so pay attention to whether your data is being shared publicly, with friends only, or is completely private. Consider whether you want people to know your running route or the times when you're in specific locations.
2. Look for Privacy Settings in Multiple Locations
It's not enough to simply check the settings on an app or device. You need to pay attention to the service's entire ecosystem, says Jerome. In the case of Strava, users can make changes to the app under "Settings" and then "Privacy Controls." But the company offers additional privacy settings only on its website portal, which is where users can indicate they want to be excluded from heat maps.
So look for privacy options in three places: the device itself, the app linked to the device on your phone, and any web portal that may be linked to the service. (It's also a good idea to check settings on all social media platforms or when creating any new accounts to protect yourself and your family.)
3. Turn off Location Tracking
Most wearables are tied to an app on your smartphone. The easiest way to protect yourself may be to simply turn off geolocation tracking on your phone. If you want to use it for some services, many smartphones give you the option to turn on location services for specific apps only.
"The biggest issue, categorically, with wearables is location," says Jerome. "Precise location information is very sensitive, and over and over again, research shows that it can be used to be very identifying. If you have more than one location data point you can associate with a given person, like home and work, you're pretty close to identifying them. Once you have three, four or five data points tied to location, you can figure out who someone is."
So consider whether your friends really need to see your running route - maybe it's worth it to you keep track of biking routes through an app.
"Most of these companies reserve broad rights to do whatever they want with info they consider to be anonymized, aggregated and de-identified," says Jerome. "Part of the challenge here is that there's a lot of confusion around those three words, which are often thrown around identically. But they can mean different things. And even if data is anonymized, it can still be used in predatory ways."
5. Stay Vigilant Protecting Your Personal Information
If you have a privacy concern, reach out to the company for information first. If you have reached out to a company for clarification to no avail, don't just forget about it and move on—because it's your personal information and you should know how it's being used. For example, Experian lays out all of its data privacies online clearly for consumers and businesses.
The long-term concern is that if your personal information gets out, it can be bought and sold on the dark web for years to come. You can make sure you're doing your part by regularly checking any updates to privacy policies (you'll get alerted on the app or site if they change) and regularly checking your credit report to look for signs of potential identity theft.
Editorial Disclaimer: Opinions expressed here are author's alone, not those of any bank, credit card issuer or other company, and have not been reviewed, approved or otherwise endorsed by any of these entities. All information, including rates and fees, are accurate as of the date of publication.
This article was originally published on February 1, 2018, and has been updated.