Quick Links
Advertise with Sarbanes Oxley Compliance Journal
Features


< Back

Sarbanes Oxley : Data Governance : Internet of Things

Worn on the Sleeve


Watches that monitor sleep quality. Skullcaps that gauge head injury. An infant bodysuit that sends temperature and breathing updates to a mobile device. Ear buds that track your heart rate. These are just some of the innovations now emerging in the hot new field of wearable technology.

By Peter McLaughlin, Gabriel Meister, Andrew Serwin
Peter McLaughlin
Of Counsel, Global Privacy and Data Security Practice Group, New York
Morrison & Foerster

Gabriel Meister
New York Partner, Technology Transactions Group
Morrison & Foerster

Andrew Serwin
Global Privacy and Data Security Practice Group Partner
Morrison & Foerster

Currently estimated at $1.6 billion, the wearable device market is expected to grow to $5 billion in revenue by 2016, according to Gartner. If upcoming releases like Google Glass (scheduled for mass distribution later this year) prove as popular as smartphones and tablets—whose combined revenue topped $66 billion in 2013, according to the Consumer Electronics Association— wearable devices stand to become a major new realm in technology.

But the technology is already garnering a lot of attention from lawyers and lawmakers with concerns about how the devices—and the information they collect—can be misused. Wearable devices are just one more example of how technology gets ahead of the law, says Gabriel Meister, a New York-based partner in Morrison & Foerster’s Technology Transactions

Group. “Often, the legislative response to perceived risks is very blunt, until we figure out exactly what the risks are.”

Close to the Vest
One of the first attempts to address privacy-related legal issues—an 1890

Harvard Law Review article written by attorneys Louis Brandeis and Samuel Warren—sprung from concerns about the newly introduced handheld camera. People were afraid a newspaper could photograph them in a private space and publish it the next day, according to Andrew Serwin, a Morrison & Foerster Global Privacy and Data Security Practice Group partner.

“They felt the technology was extremely invasive,” Serwin says. “What happened was the volume of data and its velocity increased. Wearable technology is the same issue— just at a much faster velocity, with much more volume and permanency.” 

Smartphones let users quickly shoot and share images. Google Glass wearers can snap a photo by speaking a phrase. With each new device, consumers are receiving and transmitting more information that can be stored indefinitely and potentially retrieved, shared, or even sold by people unknown to the original user, especially if they are stored or shared on a centralized server.

Fitness enthusiasts, for example, wouldn’t necessarily want their health insurance provider—which may base premiums on health status—to access their blood pressure readings. They presumably would want to know whether a fitness tech provider reserved the right to share information with a third party, Meister says.

“There are a lot of really attractive services a consumer can get through wearable technology,” says Peter McLaughlin, of counsel in Morrison & Foerster’s Global Privacy and Data Security Practice Group in New York. “But how are the folks offering the technology managing the [privacy] expectations of people who are actually using it? And who’s seeing the data?”

Medical devices, another transportable tech trend, can present even greater privacy risks. “Portable insulin pumps are smaller than an iPhone, regularly record insulin levels, and can transmit the information electronically to a website a patient and doctor use,” McLaughlin says.

“That information is a bit more sensitive than workout stats.”

In some cases, the Health Insurance Portability and Accountability Act— which is meant to assure the privacy and security of medical data—may apply. In any case, consumers will want assurance that their personal data is protected from hackers. “Wearable technology developers ought to start thinking about the security of the data in the device and the security of data transmission sooner rather than later in the development process,” McLaughlin says.

Is This Thing On?
Wearable devices aren’t just compact—they’re discreet. They operate, present, and collect data with more subtlety than their predecessors.  And that feature has raised fears that these devices could be presenting new and unforeseen risks to safety, privacy, or intellectual property.  Just two examples:

In October 2013, Google Glass enthusiast Cecilia Abadie was pulled over for speeding on a San Diego highway. She was also cited for distracted driving due to the Google Glass she was wearing.  The citation was later thrown out of traffic court because of a lack of evidence that Abadie was distracted by—or even using—the device.

In January, a man sporting Google Glass was removed from an Ohio movie theater and questioned by Homeland Security agents for two hours about potential copyright infringement. “Reportedly he was only wearing the glasses because he had his prescription lenses in them,” Meister says. “He was ultimately able to get them to connect his Glass to a PC via USB and have a look, to prove he wasn’t recording the movie.”

Because Google Glass is still new, many people do not understand how it works. Over time, society may become more accepting of wearable technology, as it has with smartphones.

A fitness club is a good example of a place where many people would not like strangers to take—or share—their the Sleeve Illustration by john ritter pictures.  Many gyms warn against photos and recordings. But now that many consumers keep their camera-equipped smartphones on them at all times—including when working out, to listen to music—preventing all camera use can be challenging.

“If we become aware that inappropriate photos have been taken and we can identify the photographer, we revoke the person’s membership,” says a legal professional for a fitness chain.  “But banning phones is just not going to work practically.”

The widespread use of smartphones may have helped consumers accept their use in gyms as well, the professional says. “There was a lot of fear eight to 10 years ago when camera phones started coming out. They’re here to stay; people just have to be courteous.”

Promising Potential
In reality, it’s almost impossible to completely eliminate all privacy-related portable technology risks, although that hasn’t stopped some businesses from trying. “Some of the pre-emptive reactions to Google Glass, for example, involve certain states’ gaming commissions telling casinos in certain states to go ahead and ban similar devices,” Meister says.  “There are also legislators, in Delaware, West Virginia, New Jersey, and Illinois at least, introducing legislation prohibiting Glass use while driving.”

Society—and the legal system—may need more time to determine all the potential concerns associated with new wearable devices. New laws will emerge, just as some states and municipalities forbid texting while driving. “We’re in the phase where we are trying to apply old laws to new technology,” Meister says. “But at some point, when devices like this become essential, you see new laws being tailored to the technology, and not vice versa.”

Although it caused a mild privacy panic in the late 19th century, society eventually made its peace with the handheld camera. Google Glass—and the wearable technology items yet to come—may very well experience the same trajectory. “What ends up happening is technologies either become ubiquitous and people get used to the invasion of privacy, or they go away,” Serwin says. “You have to look at the issue with the perspective of time.”

----------------------------------------

Used by permission of Morrison & Foerster LLP. For the full magazine please see, http://www.mofo.com/docs/pdf/mofo-tech-spring-summer-2014

 

 





Peter McLaughlin
Of Counsel, Global Privacy and Data Security Practice Group, New York
Morrison & Foerster


Gabriel Meister
New York Partner, Technology Transactions Group
Morrison & Foerster

Gabriel Meister is a partner in the Technology Transactions Group in the New York office of Morrison & Foerster, and a member of the firm’s Global Sourcing Group.

His practice focuses on a wide variety of high-tech and life sciences matters, as well as intellectual property issues associated with mergers & acquisitions and other high-profile transactions.

He worked out of the firm’s Tokyo office from 2011 to 2013. Prior to his law career Gabe Meister designed and conducted bioinformatics and immunology research at Brown University’s TB/HIV laboratory.



Andrew Serwin
Global Privacy and Data Security Practice Group Partner
Morrison & Foerster

Andrew Serwin is a partner in the San Diego office of Morrison & Foerster, where his practice focuses on counsel and litigation involving privacy, cybersecurity, information governance, and information sharing. He is also a board member of the federally funded National Cyber Forensic Training Alliance (NCFTA), a conduit between private industry and law enforcement with the mission of identifying neutralizing cybercrime. 

Mr. Serwin is an advisor to the Naval Postgraduate School’s Center for Asymmetric Warfare, and is CEO and Executive Director of the Lares Institute, a think tank focused on privacy, information superiority, and national security issues.







About Us Editorial

© 2019 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY