In an investigation into blood pressure monitors and blood glucose meters for home use, the Norwegian Consumer Council has looked at devices that connect to the internet via associated mobile applications. During the course of the investigation the Consumer Council identified a number of faults with the devices and services with regard to consumer protection and privacy. Such devices, and especially blood glucose meters, may pose significant privacy risks since information about the use of the device alone can reveal a great deal about an individual’s state of health. When a device that collects health data connects to the internet, it may also compromise the user’s control over their own data. Many of the devices examined by the Consumer Council automatically upload readings to cloud servers, while some also transmit data to companies in East Asia and North America without notifying the user. Many of the services also allow health data to be shared via email, which is not a secure channel for such information.
The Consumer Council notes that the terms of use for these services are long and indecipherable. For instance, it is unclear how personal data may be used, and all of the suppliers are free to amend their terms of use without notifying the user. Just by reading the terms of use it becomes clear that consumer protection and privacy rights are being compromised.
Link to publication