Steven Spann


Private entities are increasingly targeting individuals in the United States and around the world to gather personal data for such purposes as product development, market identification, and insurance risk assessment. While credit card records and online browsing histories have long been the medium through which this data is gathered, in more recent years, wearable fitness devices have added a new dimension to data production and collection. These devices are capable of gathering a significant amount of data regarding a person’s physical and physiological characteristics, thereby exposing these data producers to personal privacy infringement. Washington State lawmakers and citizens must be pro-active in orienting themselves to the challenge of protecting personal health data derived from wearable fitness devices, and they must develop a framework of legal safeguards to protect individuals. Wearable fitness devices, as the name implies, are generally on or attached to a person’s body as a bracelet, watch, or token. These products utilize sensors to track, and otherwise monitor a broad range of activities performed by the user and generally transfer collected data to smartphones, computers, or network storage clouds. Most, if not all, of this personal health data is transferred to entities outside the control of the data producer, including the device’s manufacturer or a third party. While such sharing of data is becoming increasingly common—and, some might argue, expected—in our electronics-driven culture, individuals are neither adequately informed regarding the scope of the data collection, transfer, and use, nor are they adequately protected by the law from exploitative behavior by these data users. This Note addresses the nature and consequences of health data infringement by private entities, and the position that Washington State lawmakers should take in protecting against this infringement. Part I of this Note discusses the benefits and problems associated with wearable fitness devices and personal health data. Part II reviews the current federal approach to personal health data protection. Part III presents recommendations for Washington State constitutional amendments and legislative enactments that would protect Washington citizens against infringement of this data privacy. Finally, this Note concludes with a summary of the need for, and possible approaches to, protecting personal health data.