Wearable technology has brought in a new landscape in the emerging technology altogether, while we started moving towards using technology, through computers, communication devices like mobiles and tablets, Internet, little did we realise that we could physically wear technology enabled devices. It is interesting to note the way in which wearable technology has revolutionised the devices making it an essential part of one’s daily life. A majority of people be it students, professionals, senior citizens, women and the like make use of the wearable technology be it through smart watches, fitness bands, smart pendants, and the like smart devices. Given the kind of adaptability or flexibility and the features made available thereof by wearable technology, the wearable devices are being used for a variety of purposes whether be it personal, professional, social, medical and health and the like.
These wearable gadgets have started gaining significant value and can be considered a cross section of personalisation and technology, unlike the other gadgets, these facilitate interaction between human and machines since they can be physically worn by individuals.
ANALYSIS OF WEARABLE TECH
Given intrinsic nature of wearable technologies these are interconnected, they operate with the interphase of smart phone that act as a catalyst for the device and powers through the relevant apps. These wearable devices enable real time communication between the user and the device facilitating the access to information in real time. Further, these wearable devices are embedded with storage and data input capabilities.
WEARABLE TECH AND LAW
While wearable technologies focus not just on individuals but collect and process data as also interpret the data so as to take decisions on behalf of the user of such wearable technology. In this new world of wearable technology and devices distinctive legal policy and regulatory issues are emerging and this article intends to bring forward such cutting-edge policy regulatory Issues arising out of Wearable Technology and Law.
OWNERSHIP OF DATA-WEARABLE TECH
While one makes use of wearable device there is a lot of exchange of data between the user and the wearable device. This raises lots of questions regarding the ownership of such data. Another interesting scenario is whether such data belongs to the wearable device manufacturer or the service provider providing the said service regarding operations and maintenance of the device.
PRIVACY
The privacy being the fundamental right it becomes essential for wearable devices to protect the privacy of the individual user. By and large the wearable technologies are increasingly impacting the personal and the data privacy of the user. The service provider offering wearable technology and devices can no longer sit on the fence since more focus has to be made on protecting and preserving the privacy of individuals.
Companies will have to adopt focal thrust strategies and policies in the light of wearable devices as employees are making their way into the workplace with these wearable devices. I think companies have to take customised and indigenous approaches while coming up with parameters on how and why the employees use wearable devices and also clearly state the rules of usage in ensuring adequate protection security measures are in place so as to comply with regulations and law.
While it is just not the privacy relating to wearable device that needs to be considered, the privacy issues with respect to the relevant mobile apps also need to be looked into, since these wearable devices are connected to such mobile apps. However, most of the users of the wearable devices are not cognizant of the privacy violation and infringements arising thereof.
DATA PROTECTION
Data protection is the tipping point that needs to be considered with regard to wearable technology and devices. One of the questions that arises is regarding the data collection and processing in a wearable device. Over and top of it a lot of sensitive and personal data is exchanged between the device and user bringing in the issue of data protection. In this context policies and the terms and conditions with regard to data collection, processing and data protection need to be defined and specific informed consent needs to be taken from the user. One another aspect that needs to be specifically considered is sharing of sensitive and personal data with third party since these wearable devices are often integrated with third parties. Apart from the above specific data protection principles and policies would have to be adopted in the relevant mobile application since the wearable devices are often connected to mobile applications.
WEARABLE DEVICES AND IT ACT
While wearable devices make use of exchange of data between users and them, this data is ultimately nothing but information in electronic form and can be considered as an electronic record under the Information Technology Act. Further, these wearable devices collect data and provide a service with respect to that data turning themselves to be referred to as Intermediaries under IT Act 2000. It is pertinent to note that the Intermediary guidelines along with the cyber legal compliance envisaged under the IT Act and the rules and regulations made under shall be made applicable to wearable devices and technology.
WEARABLE DEVICES AND GDPR
It is interesting to see wearable technology and devices get amenable under the EU GDPR. The questions of Wearable Devices as Data Controller as also Data Processor are likely to bring in new manifestations.
With privacy by design becoming a primary requirement of GDPR Compliance, wearable device shall be under the heat. Therefore, the processing of personal data under the GDPR would have to be specifically addressed and specific aspects with regard to personal data and data sharing to third parties need to be reviewed in the light of GDPR and wearable devices.
Given the corporate scenario the trend of the employees making use of wearable devices in offices and workplaces it is likely to bring about distinctive legal challenges specifically in the light of data retention.
Further, with right to be forgotten and right not be automatically profiled being the data subject rights under GDPR it shall be required to obtain consent before processing personal data to analyse the behaviour, preferences, health and medical conditions or predict work performance, fatigue and the like. Thereby taking consent through fine print shall be a mistaken notion and specific and communicated consent is the new message coming loud and clear under the GDPR.
WEARABLE TECH AND IP
The wearable technology raises a lot of intellectual property issues and challenges. With more and more wearable devices making their way into the market are setting out copyright, patent and design related issues. more and more innovations are likely to be seen in wearable technologies. Apart from these a lot of IP is also generated during the exchange of data between the user and the wearable Device. It will be interesting to see how the wearable technology company is going to protect its database from an intellectual property perspective. Given the wearable technology, there can be following Intellectual Property protection which they might use for protecting the IP surrounding the same. Trademark can be used for protecting the brand name of the wearable technology as also wearable devices. Copyright can be used to protect the source code in the wearable technology. Patent can be used for protecting the invention, methodology of the wearable technology. Design can be used for protecting the design element of the wearable technology.
CONFIDENTIALITY
Given the fact that wearable devices store, handle, process sensitive and personal data, confidentiality is the new tip of the iceberg. Since most of the wearable devices are mapped with the relevant mobile apps confidentiality becomes big time ground reality. Further, these wearable devices are being used by the employees in workplace, this may open up a new picture with regard to confidential issues with regard to corporate data. In this kind of scenario, the specific confidential agreements and policies need to be outlined so as to ensure appropriate level of confidentiality. At the same time wearable devices shall also share and disclose confidential data to various service providers in the context of providing services specifically for wearable devices and wearable technologies.
That being so any unauthorised disclosure of confidential data may bring in legal ramifications in the light of national legislations relating to data protection, privacy, and the like.
WEARABLE TECH AND CYBER CRIMES
Given the intrinsic nature of wearable technology, the cyber criminals are devising new ways of targeting wearable devices. We could also potentially see a lot of cyber crimes including intrusion of personal privacy, unauthorised access, and intrusion of corporate data, breach of confidentiality and privacy and the like with regard to cybercrimes in wearable devices. While there are already instances in the public domain relating to the misuse of Wearable Devices like the Google Glass Explorer, Cecilia, Abadie instanceOct 30th2013-violating California Vehicle Code Section 27602.
PHYSICAL SAFETY
One of the key aspects that need to be considered in the light of wearable devices is the Physical safety of the individual using and wearing the wearable device. While it is just not the personal privacy that needs to be considered but ensuring physical safety also has to be considered. Physical safety in the sense is just not relating to any kind of physical harm brought in by the wearable device to the body including but not limited to any allergic reactions from sensors or the like brought in through wireless communication, but it also comprises of protecting the physical geographical position of the individual wearing the wearable device. This becomes important and critical since most of the wearable devices make use of location tracking features as also the GPS tracking mobile apps used in conjunction with the respective wearable device. However, in case the same is compromised or unauthorized accessed could endanger the physical safety of the wearable device user.
Surveillance
It is pertinent to note that wearable technology to be used for surveillance and monitoring by both state and non-state actors. This brings in privacy related concerns specifically lot of sensitive personal data and personal information is stored in wearable devices. However, given the intrinsic nature of wearable technology such sensitive personal data or Information could be intercepted and monitored by private players for doing a variety of activities including for marketing purposes. Addressing the concerns of privacy on one hand and surveillance and monitoring on the other hand shall be the test of the times. The scenario becomes more complicated in case such personal and sensitive data of the user lands in the hands of hackers and cyber criminals.
SMART WATCH CASE STUDY
It is interesting to note that data in smart watch was used to solve a murder case. This was in the year 2016 in Australia where a woman Myrna was murdered and her daughter in law called for help. It was found that the woman was dead by 6.30 pm and the daughter in law called for help only by 10 pm, which enabled her to wipe and clean up the evidence of the murder she committed. She claimed that her mother in law was murdered by men who invaded her house. However, the actual case broke open only after the forensic experts retrieved the digital data from the woman’s smart watch and analysed the same.
WEARABLE TECHNOLOGY AND EVIDENCE
In the above case study, we can understand that the data in the smart watch can be considered as an evidence for resolving legal cases. I believe that the data in wearable devices including smart watches is nothing but data in the electronic form that is E-records ultimately. This is nothing but digital evidence and can be legally admissible under Indian Evidence Act.
WEARABLE TECHNOLOGY AND JURISDICTION
I think the aspect of jurisdiction in the context of wearable technology is going to be ticklish. Given the nature of wearable technology the kind of Jurisdictional issues are going to be a completely different ball game altogether. Questions like where the data of the user is shared, processed to whom all it is shared will be a pandemonium. Another interesting aspect will be to understand which law will be applicable for any disputes arising thereof and which courts will have the jurisdiction to adjudicate such disputes is likely to bring in a lot of discussion debate among the law makers and various stake holders. However, will the jurisdiction outlined in the terms and conditions of such wearable devices be the guiding factor? This is likely to further complicate jurisdictional Issues. Over and on top how secure can be the storage of data and which enforcement agency can access it are also going to be knocking the door while going forward.
LIABILITIES
It is going to be interesting to analyse the landscape of liability in the context of wearable technology providers and service providers. In the absence of any national and international norms specifically in the light of wearable technologies I am of the opinion that the wearable technology and service providers should have in place reasonable security practices and procedures to protect sensitive personal data and personal information of the user while also having adequate measures to protect the privacy, safety of the user and also not indulge in any infringement of intellectual property rights and exercise care and caution and due diligence while discharging their obligations under the law and be duty bound to disable access to any illegal content. In this kind of scenario kinds of responsibilities to be followed by wearable technology and service providers will have to be specifically addressed as time passes by.
WEARABLE TECHNOLOGY AND CYBER SECURITY
As the wearable technologies are percolating with a rapid pace, cyber security is becoming the trigger point. Beyond the questions of privacy and data Protection, the cyber security relating to these devices is becoming an important vector and I believe that in this context cyber security law has to step in to address and mandate the appropriate cyber security obligations and cyber security legal compliance, specifically in the context of cyber security and wearable technology.
CONCLUSION
Given the bigtime adoption of wearable technologies in all walks of human life, the jurisprudence, legal, regulatory and policy aspects concerning wearable technologies will have to be dealt in a distinct manner. I believe that wearable technologies will bring forward interesting fragmented clusters of Cyber Law Development. I think this article will put forth a platform for discussions among various stake holders and will act as a key catalyst for the development of legal jurisprudence in the context of wearable technologies. I am of the opinion that the Information Technology Act, Rules and Regulations made there under is the Law on the eye while all of us are in the stage of voyage and on the cusp to address the legal nuances in the context of wearable technologies. Privacy, data Protection, cyber security, cyber crime, cyber legal compliance, jurisdiction, as also cyber law will emerge as critical instrumentalities in determining and defining the legal landscape of wearable technologies.
Adv. Sai Sushanth, Cyber Law Expert & Techno Legal Consultant