Wearable tech must comply with privacy laws, warns ICO

Wearable technology must comply with UK data privacy laws, the Information Commissioner’s Office (ICO) has warned.

The warning follows the UK launch of Google Glass, which is set to take the collection and processing of data by wearable technology to a new level.

Recent progress in hardware means wearable technology is likely to become as common in the workplace as mobile phones.

This will force UK company owners to start considering their response to Google Glass and other wearable technology, according to Andrew Paterson, senior technology officer at the ICO.

For example, some bar owners in the US have already banned Google Glass from their premises because of customers’ concerns about being filmed without their knowledge, Paterson wrote in a blog post.

Although he believes it will be up to society to decide how comfortable they are with wearables, like any new technology, the devices must comply with the law.

“In the UK, this means making sure that these devices operate in line with the requirements of the UK Data Protection Act (DPA),” said Paterson.

Anyone using a wearable technology for their own purposes is unlikely to breach the DPA, which includes an exemption for the collection of personal information for domestic purposes.

“But if you were to one day decide that you’d like to start using this information for other purposes outside of your personal use, for example to support a local campaign or to start a business, then this exemption would no longer apply,” said Paterson.

However, organisations that use wearable technology to process personal information will almost always be covered by the DPA, he added.

“This means that they must process the information collected by these devices in compliance with the legislation,” he said.

“This includes making sure that people are being informed about how their details are being collected and used, only collecting information that is relevant, adequate and not excessive, and ensuring that any information that needs to be collected is kept securely and deleted once it is no longer required.”

If the wearable technology can capture video or pictures, like Google Glass, then organisations must address the issues raised in the ICO’s CCTV Code of Practice.

Paterson notes that an update to the code is currently out for consultation until 1 July 2014.

He said there is also useful guidance on the Surveillance Camera Commissioner’s website, which has direct relevance to the use of wearables containing cameras.

Paterson said the rise of wearable technology raises exciting new possibilities and is set to become widespread in years to come.

“But organisations must not lose sight of the fact that wearables must still operate in compliance with the law and consumers’ personal information must be looked after,” he said.

As the use of wearable technology becomes more widespread, employers will need to put policies in place governing how staff use the technology, said lawyer Sue McLean at law firm Morrison and Foerster.  

For example, if a person wearing Google Glass videos a meeting with other employees, that could be construed as bullying, McLean told Computer Weekly.

Similarly, an employee in a disciplinary action could use a wearable device to surreptitiously record the meeting – and then use the recording in legal proceedings.

McLean added: “Companies have to be very clear on how and why employees use wearable technology, make sure they are clear what the rules are, and that they have taken adequate precautions to comply with privacy regulations and the law.”