The Consumer Electronics Show (CES), held in Las Vegas each January, reveals tech vendors' latest visions of the future. This year many of them were marketing a vision replete with wearable devices.
Market analysts also envision a bright future for wearable tech. Deloitte analysts said in January that "smart glasses, fitness bands and watches should sell about 10 million units globally in 2014, generating £2bn". Credit Suisse reckons the entire market will be worth $50bn by 2018.
Along with the burgeoning consumer market, device manufacturers and suppliers are targeting the nascent business market. This encompasses 'business' devices designed for specific types of industries, such as sensors built into construction helmets for assessing job site safety; and consumer gadgets used by the enterprise, such as airport workers wearing smartglasses to enable hands-free working and remote interaction with IT systems.
So far, the business market has consisted primarily of early adopters assessing this technology. This group includes Tesco, which has given smart armbands to workers at a distribution centre in Ireland to track goods, allocate tasks and measure movements within the building, with a view to improving the efficiency and accuracy of operations. A few firms have also gone from pilot scheme to full-scale rollout: health insurer Pru Health offers a Fitbug health and fitness wearable device to members as part of its 'Vitality' programme.
It seems inevitable that this year more organisations will start exploring the potential commercial applications of this technology or begin offering wearables to employees, business partners or customers. In addition, 2014 will no doubt see many more tech-savvy employees bringing personal wearable technology into work, for a host of reasons, including improving productivity, health benefits and ubiquitous connectivity. This BYOWD (Bring Your Own Wearable Device) trend represents the next wave of the general BYOD trend, which began with smartphones and tablets.
A key challenge for the business market is that a huge amount of personal data can be collected from many of these devices. For example, health and fitness gadgets can capture sensitive details about a person’s health, and send it automatically to the cloud for potential processing by the tech vendor, who may then wish to share it with third parties for 'big data' profiling.
To comply with the law, wearable device manufacturers and suppliers will - in the EU at least - need to consider a multitude of data protection, privacy and security issues. These then need to be dealt with properly at design stage, at the point of data capture and once the data has been collected.
For instance, under EU data protection law, individuals must be given clear and transparent information about what data is collected about them and how it will be used, in addition to rights to manage their personal data.
EU law also requires the collection of data to be limited to what is needed for the primary purpose of the technology - the 'data minimisation' principle. However, this concept does not sit comfortably with the 'big data' trend of aggregating and crunching pools of data for new applications as this often goes beyond the primary purpose of the health device.
Importantly, the 'big data' example above highlights the disconnect between wearable technology and current regulation. Although big data analytics and profiling may benefit all involved, including in many cases the wearer, it makes it difficult for individuals to keep track of, and control, what personal data is shared, when and with whom, and where it's stored. And while many consumers are prepared to effectively trade their data and lose some control over it in exchange for perceived benefits, EU law as it stands does not allow this.
Smartglasses and wearable cameras also present a number of new challenges for employers considering whether to permit or support BYOWD. As well as updating employment contracts and related policies such as social media policies, disciplinary policies and dress codes, employers will need to consider the impact of the devices on other employees' expectations of privacy.
Alongside this, data security is another important issue. If hacked, some wearables could expose a huge amount of intimate and extensive personal data about an individual, such as their health, location and behaviour. This can of course already happen with laptops, tablets and smartphones, but the potential scale and intrusiveness of breaches involving wearables is unprecedented.
Longer term, there are EU data protection reforms in the pipeline, which – in their current formulation – include the controversial 'right to be forgotten' and the right not to be 'profiled' without consent. If implemented, these reforms would, for example, give wearers the right to have all personal data erased, and would require suppliers in the wearable industry to obtain consent before processing personal data to analyse or predict their performance at work, health, location, personal preferences or behaviour. Consent would need to be specific and actively communicated, so, arguably, sweeping consents or burying terms in fine print will not be enough.
These changes may require many tech vendors to alter the ways in which they collect, use and store data, and adjust their user-facing and back-end systems accordingly. The reforms are also likely to impose direct liability on 'data processors' for the first time, so others in the supply chain, such as cloud providers, will have statutory compliance obligations as well as the primary 'data controllers' of the wearers' personal data.
The proposed changes are still being debated, with a view to being finalised by the end of 2014, although legislation may be delayed until 2015. In any case, they are likely to result in initial and ongoing compliance costs for players in the wearable industry. Failure to comply could result in proposed fines of two per cent of annual global turnover for 'enterprises', or up to €1m in other cases.
Ultimately, as is often the case with emerging technologies, it falls to the industry to grapple with these compliance issues. Until the law catches up, device manufacturers, tech vendors and businesses that use or allow employees to use wearables need to address the legal challenges in order to exploit this new technology in a lawful way whilst realising the potential benefits of wearable technology in business.
Louise Taylor is a senior associate at law firm Taylor Wessing.