Recent reports have raised concerns with the Amazon health tracking bracelet collecting an unprecedented level of personal data, including body scans and voice tone
WASHINGTON - U.S. Senator Amy Klobuchar (D-MN) sent a letter to Health and Human Services Secretary Alex Azar, urging the Administration to address privacy concerns surrounding the Amazon Halo, a health tracking bracelet. Recent reports have shined a light on Halo’s access to extensive personal and private health information. Among publicly available consumer health devices, the Halo appears to collect an unprecedented level of personal data. In her letter, Klobuchar called on the federal government to do more to ensure consumers' health data privacy.
“While new wearable fitness devices make it easier for people to monitor their own health, these devices give companies unprecedented access to personal and private data with limited oversight. The Halo enters the consumer market at a time where there are very few federal regulations in place to require privacy and security protections for consumer’s personal health data collected by these wearable fitness devices,” Klobuchar wrote.
“This lack of federal guidance persists despite the fact that nearly one in five Americans use a smart watch or fitness tracker...More must be done to ensure the privacy and security of health-related consumer devices.”
Full text of letter found HERE and below.
In her role as a senior Member of the Senate Commerce Committee and Ranking Member of the Senate Judiciary Subcommittee on Antitrust, Competition Policy and Consumer Rights, Klobuchar has championed efforts to protect consumers’ privacy - especially with regard to sensitive health information.
In August, Klobuchar and Senator Jerry Moran (R-KS) sent a letter to Federal Trade Commission (FTC) Chairman Joseph Simons urging the FTC to take action to address the troubling data collection and sharing practices of the mobile application (“app”) Premom.
In June 2019, Klobuchar and Senator Lisa Murkowski (R-AK) introduced the Protecting Personal Health Data Act to protect consumers’ private health data not covered under existing privacy law. Health data tracking apps have given companies access to unprecedented levels of consumer health data, yet current law does not adequately address the emerging privacy concerns presented by these new technologies. The Protecting Personal Health Data Act addresses these health privacy concerns by requiring the Secretary of Health and Human Services to promulgate regulations for new health technologies such as health apps, wearable devices, and direct-to-consumer genetic testing kits that are not regulated by existing laws.
In July 2020, Klobuchar led a letter to the Department of Justice (DOJ) to urge the Antitrust Division to conduct a comprehensive review of Google’s proposed acquisition of Fitbit, which raised concerns about Google’s ability to access activity-monitoring data from Fitbit’s millions of users and employ Fitbit user data to support Google’s advertising and other businesses.
In November 2019, Klobuchar joined Commerce, Science, and Transportation Committee Ranking Member Maria Cantwell (D-WA) and fellow senior members Senators Brian Schatz (D-HI) and Ed Markey (D-MA) in unveiling comprehensive federal online privacy legislation to establish privacy rights, outlaw harmful and deceptive practices, and improve data security safeguards for the record number of American consumers who now shop or conduct business online.
Also in November 2019, Klobuchar released a statement following reports from the Wall Street Journal that Google and Ascension are collaborating to share the personal health information of roughly 50 million Americans—including personally identifiable information, lab results, hospital records, and physician diagnoses—on Google’s cloud system. Klobuchar and Senator Murkowski sent a letter to the Department of Health and Human Services (HHS), urging the agency to examine the collaboration between Google and Ascension health system.
Full text of the December 11, 2020 letter HERE and below:
Dear Secretary Azar:
We write to express our serious concerns regarding recent reports on the data collection practices of Amazon’s health-tracking bracelet (Halo) and to request information on the actions the U.S. Department of Health and Human Services’ is taking to ensure users’ health data is secure.
The Halo is a fitness tracker that users wear on their wrists. The tracker’s smartphone application (app) provides users with a wide-ranging analysis of their health by tracking a range of biological metrics including heartbeat patterns, exercise habits, sleep patterns, and skin temperature. The fitness tracker also enters into uncharted territory by collecting body photos and voice recordings and transmitting this data for analysis. To calculate the user’s body fat percentage, the Halo requires users to take scans of their body using a smartphone app. These photos are then temporarily sent to Amazon’s servers for analysis while the app returns a three-dimensional image of the user’s body, allowing the user to adjust the image to see what they would look like with different percentages of body fat. The Halo also offers a tone analysis feature that examines the nuances of a user’s voice to indicate how the user sounds to others. To accomplish this task, the device has built-in microphones that listen and records a user’s voice by taking periodic samples of speech throughout the day if users opt-in to the feature.
Recent reports have raised concerns about the Halo’s access to this extensive personal and private health information. Among publicly available consumer health devices, the Halo appears to collect an unprecedented level of personal information. This raises questions about the extent to which the tracker’s transmission of biological data may reveal private information regarding the user’s health conditions and how this information can be used. Last year, a study by BMJ (formerly the British Medical Journal) found that 79 percent of health apps studied by researchers were found to share user data in a manner that failed to provide transparency about the data being shared. The study concluded that health app developers routinely share consumer data with third-parties and that little transparency exists around such data sharing.
While new wearable fitness devices make it easier for people to monitor their own health, these devices give companies unprecedented access to personal and private data with limited oversight. The Halo enters the consumer market at a time where there are very few federal regulations in place to require privacy and security protections for consumer’s personal health data collected by these wearable fitness devices. This lack of federal guidance persists despite the fact that nearly one in five Americans use a smart watch or fitness tracker. Concerns over health data privacy became particularly relevant last year when Google bought Fitbit—a health tracking device company—and data privacy experts cautioned that current laws and regulations do little to hold Google and other companies accountable to adhere to basic privacy standards, notwithstanding these companies’ public claims that they safeguard users’ “privacy” and “security” and promises to never sell private health information to others. More must be done to ensure the privacy and security of health-related consumer devices.
In light of these concerning reports about the significant amount of sensitive health and personal data the Halo collects—and given the critical role that HHS has in protecting the privacy and security of health information—we respectfully ask that you respond to the following questions:
- What actions is HHS taking to ensure that fitness trackers like Halo safeguard users’ private health information?
- What authority does HHS have to ensure the security and privacy of consumer data collected and analyzed by health tracking devices like Amazon’s Halo?
- Are additional regulations required to help strengthen privacy and security protections for consumers’ personal health data given the rise of health tracking devices? Why or why not?
- Please describe in detail what additional authority or resources that the HHS could use to help ensure the security and protection of consumer health data obtained through health tracking devices like the Halo.
Thank you for your time and attention to this important matter. We look forward to working with you to improve health data privacy protections for all Americans.