CKonnect Community

Smart Devices, Connected Ecosystems & Jurisdictional Overlaps: Who Governs Your Health Data?

CKonnect

Today’s wearables—such as Google Fit Bands, Apple Watches, or any smart fitness trackers—form part of a vast, interconnected data ecosystem. These devices often sync with smartphones, cloud services, fitness apps, employer health challenges, family-sharing platforms, and even insurance portals.

This raises a vital privacy challenge:

Who controls your data, and which law applies when your health data flows across borders, platforms, and purposes?

Critical analysis of this scenario from a privacy and compliance perspective.

1. Device-to-Cloud-to-App Flow Mapping:
  • Imagine using a smartwatch linked to your phone, with data syncing to platforms like Google Fit or Apple Health.
  • Then, a third-party app (e.g., a wellness challenge tracker or insurance-linked platform) also accesses your data.
    Questions to think about:
    • How does the data flow between parties?
    • Who acts as the data controller, processor, or joint controller?
    • What contracts or governance frameworks should be in place?
2. Jurisdiction & Governing Law Conflicts:
  • Your device is made by a US company, hosted on EU servers, and you live in India or Singapore.
  • Which law governs your data? GDPR? DPDPA? HIPAA? PDPA?
    Task:
    • Evaluate how overlapping jurisdictions apply.
    • What compliance mechanisms (e.g., SCCs, BCRs, adequacy decisions) can organizations use to ensure lawful processing and data transfer?
3. Consent, Transparency & Purpose Limitation:
  • Users often sync health data with family, friends, or their employer’s health programs.
  • That same data might be reused for insurance underwriting or marketing.
    Task:
    • How should consent be obtained and managed across uses?
    • What risks arise when apps access more than what’s necessary?
    • What privacy notices, preference centers, or consent dashboards should exist?
4. Current Practices & Real-World Examples:
  • How do Apple, Google, Fitbit, or Samsung manage cross-border data, consent, and user rights?
  • Are users adequately informed about where their data goes and who sees it?
    Bonus:
    • If an employer offers wellness benefits using these devices, what should they consider from a compliance point of view?

This exercise is designed to simulate real-world privacy challenges where tech meets data, across borders. Focus on practical thinking, not just theory.

