On December 5, 2016, seven German DPAs issued press releases (example press release (source document in German)), stating that none of the tested wearables, activity trackers, and fitness and health apps met data protection requirements. The DPAs tested 16 wearables and their respective apps, which were downloaded more than 30 million times. The privacy policies examined did not meet regulatory requirements, and the DPAs pointed out that sensitive health data is processed by third parties, used for marketing purposes, and shared with affiliates. In addition, users cannot purge their data, even if their devices are lost, stolen, or sold. The DPAs are researching ways to handle user complaints relating to this data processing.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.