Mobile health and a myriad of other types of apps collect personal data from users, but consumers are often unaware of the potential risks.
That’s according to a new report by the Government Accountability Office, which shows that most of the companies it surveyed are in fact taking appropriate steps to protect the privacy of consumers.
The Jan. 6 report, commissioned by Congress, focused mainly on in-car services but also examined smartphone apps. Even though the GAO has no authority to make recommendations to the 10 companies used in the study, the results demonstrate a new trend in raising consumer awareness about the secondary use of location data.
The GAO’s findings come as the 2014 International CES is taking place in Las Vegas, and under its umbrella is the two-day Digital Health Summit. Highlighted topics in this year’s show include mHealth and the expanding use of sensors in consumer products as well as the gathering and use of data — including location data — from that technology, an issue riddled with ethical and legal questions, but also pregnant with possibilities.
[See also: Are health and fitness "apps quietly taking over" CES?]
The prevalence of telematics systems, like those used in cars and smartphones to access the location of a consumer, provides a company with the opportunity to help consumers find services located near them.
But what of the selling of this data by data brokers? Congress and privacy advocates want to take a closer look.
In its study, the GAO set out to discover whether companies use the location data and, if they sell it, how well they follow industry-recommended privacy practices.
GAO researchers said they selected a non-generalizable sample of 10 companies because they represent the largest U.S. market share or because their services are widely used. The GAO examined documentation and interviewed representatives from each regarding their privacy practices in effect for 2013, then compared those practices to industry-recommended privacy practices.
What they found was that all 10 selected companies — auto manufacturers, portable navigation device (PND) companies and developers of map and navigation applications for mobile devices — collect data to provide consumers with location-based services. Nine companies share location data with third-party companies, such as traffic information providers, to provide services to consumers.
Representatives from two companies, meanwhile, said they share data in which personally identifiable information has been removed for purposes beyond providing services – for example, in research, although that is not always disclosed to consumers.
All the company representatives said they do not share personally-identifiable location data with or sell such data to marketing companies or data brokers. And all have taken steps consistent with some industry-recommended privacy practices. However, the companies’ privacy practices were at times unclear, which could make it difficult for consumers to understand the privacy risks that may exist, the GAO said.
This article originally appeared on Government Health IT.
Related articles:
Remote sensors making a play in concussion fray
A Candy Crush for stroke patients?
2 strategies for integrating patient-generated data into the EMR
