Wearable Technology- Who Owns The Data?

The 21^st Century is the era of the technology. Children born in the 2000s and the late 90s are born along with or grown up around the increased use of technology.  Everyday chores are now assisted by technology. Some are even substituted by them.

A report by the Grand View Research, an India & U.S.-based market research and consulting company, suggests a growth of 13.8% in the global wearable technology market from the year 2021 to 2028, amounting up to USD 118.16 Billion by 2028.

Another study made by Statista for the year 2021 reports that hearables being the most popular wearable occupies nearly 31.5 percent of the total wearables market, followed closely by smart watches which make up to 30.5% of the total market. It is also found that approximately 142 million units of wearables were sold in 2021 alone.

Gen-Z in particular, fancy technology and fashion at its heights. Fashion has played a paramount importance in expressing oneself. An interplay between these two hyped trends, i.e., fashion and technology gives rise to Wearable Technology.

Wearable technology in the simplest form can be defined as technological devices that can be worn on body. Some of them can be implants, clothing, accessories etc.

Ownership Of Data

Wearable technology is as much technology as it is fashion. In this sense, it is undisputed that it collects information or data from the user. The data collection is by the user manually logging in and giving the necessary information and/or the readings of the sensors attached to the wearables. Wearables, especially the ones in the health field collect sensitive information about the user including the heart rate, steps taken, physical or manual labour that is undertaken, the user’s name, location etc. It is not black and white as to where the information is stored or who exactly owns this information.

[Image Sources : Shutterstock]

The sensitive information collected by these devices definitely fall under the ambit of personal information. So does that mean that the user owns the information? The information so collected is produced by the device that the user wears. Does that justify that the manufacture is the owner of the information? In another argument, it is clear that the information collected by these devices are stored in the apps or softwares of these devices. Does that confirm ownership onto the service providers? It is still grey as to the ownership of the data collected by such devices.

Ownership Of Data- Indian Scenario

It is not clear as to who owns the data collected by wearable technology since there are no legislations exclusive to or inclusive of wearables. However, a vague idea of the current situation can be inferred through some of the already existing laws in India.

It is discern that the information provided or collected by the wearables are personal information. The term “Personal Data” as per the Personal Data Protection Bill, 2019 means any data of a person which helps in identifying such person and any inferences that can be drawn from such information that directly or indirectly identifies or helps in profiling such persons. Alongside, a mention of the term “Sensitive Personal Data” finds its importance in the context of wearables. SPD includes information of a person’s finance, health, sex life, sexual orientation, biometric information, genetic information, transgender status, intersex status, caste or tribe, religious or political beliefs etc. It can be concluded from here that the wearables, especially those that regulate health, collect information on Sensitive Personal Data. SPDs are exorbitantly protected under the Personal Data Protection Bill. To access, process or share SPDs, health care centres or any organization there is, has to receive an explicit consent from the user. This assures data protection in technologies.

Legislations like the Digital Information Security in Healthcare Act, 2018 and the Electronic Health Record Standards, 2016 touch upon data collected in electronic form. These laws protect the rights of the individuals whose health records are digitized. These Acts consider the user or the person whose digital health is processed, stored or used as the “owners”.

The health data collected, stores, generated or transmitted digitally, according to these laws, are owned solely by the user or the individual whose data is digitized. But such records shall be held in trust by the healthcare provider or the Health Information Exchange as the case maybe, on behalf of the users. If there is an entity whose in custody of any digital health data of any individual, it will be in their own custody provided the privacy of the information is protected by such entity. The laws further state that the medium of storage and transmission of such data shall be owned by the healthcare provider or Health Information Exchange as the case maybe. Irrespective of what the above provisions state, it is clear that the information of the users that fall under the ambit of “Sensitive Personal Data” and “Personal Data”.

Although there is a vague understanding on the distribution of ownership in various situations in technology, the main question of the main owner especially in non-health care centres is still ambiguous.

Copyrights Of the Data Derived from Wearable Technology

With the question of ownership, stems the question of copyrights. Copyrights protect expression of ideas. Once a work is put on tangible form, it, by default has copyrights. Would electronically produced information on a user be protected under copyright? And if yes, who owns such copyright?

The fundamental requirement for Copyright is Originality and Creativity. A work must satisfy these two conditions to be granted Copyright. The data produced by the wearables is collected from the users automatically. There is no involvement of creativity. Even if it is argued that the data was generated due to the activities (creative activities, therefore creation) of the users and hence the users have to be granted copyrights, it can also be argued that any other information that the device offers by studying the surroundings like the humidity or the temperature is delivered automatically and not by the user interface and hence the service providers shall be the owners of the copyright. These arguments, however, do not subsist as the core requirement for copyright, that is the concept of Originality is not satisfied.

Conclusion

Data collected by technologies are greatly sensitive. This information can be sold to any agent without the knowledge of the users. It is important to understand the terms and conditions of the privacy policy of each of these technologies before indulging in using them.

The ownership of data has been a long standing debate which has yet not been resolved even after a decade of advent of technology. The General Data Protection Regulation (GDPR) in the European Union promises a fair take on the stand of wearables in the current world. However, this is not enough to combat the issues that are bound to arise in the future in the Wearable Technology sphere. A standardized law needs to be brought up to explicitly explain the rights and liabilities of the users as well as the service providers and a stricter privacy policy needs to be brought forth.

Author: Anusha R, a student of Ramaiah Institute of Legal Studies, in case of any queries please contact/write back to us via email [email protected] or contact us at IIPRD.