User Expectations of Privacy in Self-Generated Mobile Health Data
New York University, United States
Rapid developments in self-quantification via ubiquitous computing allow individuals to collect health-relevant information using smart phone apps and health sensors, and share that data online for purposes of self-experimentation, community building, and research. Online disclosures of intimate bodily details, coupled with growing contemporary practices of data mining and profiling, may lead to radically inappropriate flows of information, potentially jeopardizing individuals’ social status, insurability, and employment opportunities. In this talk, I present results from an ongoing qualitative research study exploring how Fitbit users are actively constructing a vibrant health self-tracking social context, how they understand their privacy rights in their self-generated health data under existing laws and data collection and use policies, and how their needs and beliefs guide their information management practices. In the absence of clear statutory or regulatory protections for self-generated health information, its privacy and security rest heavily on robust individual data management practices, which in turn rest on users’ understandings of information flows, legal protections, and commercial terms of service. Fitbit users interviewed to date express highly granular preferences for health information sharing that vary as a function of information type, recipient, and perceived transmission principles guiding secondary information flows. These individuals are mindful of differential legal protections afforded their data, compared to information collected in traditional clinical medical contexts, and they take concrete steps to protect themselves from harm, particularly expressing concern about employers and insurance companies gaining access to their health information. Early results also point to simple steps that sensor and app developers can take to promote continued user trust and to respect newly emerging user expectations of privacy.