ICO tech chief issues reminder on wearable technology and data protection

Organisations that use ‘wearable technology’ to process personal information must do so in compliance with the Data Protection Act, the senior technology officer at the Information Commissioner’s Office has stressed.

Writing on the ICO’s blog, Andrew Paterson said the use of this technology by organisations to process personal information would “almost always” be covered by the Act.

“This includes making sure that people are being informed about how their details are being collected and used, only collecting information that is relevant, adequate and not excessive and ensuring that any information that needs to be collected is kept securely and deleted once it is no longer required,” he explained.

Paterson said that if the wearable technology was able to capture video or pictures then organisations must address the issues raised in the ICO’s CCTV Code of Practice.

The watchdog is currently consulting on an update to the code. The closing date for submissions is 1 July 2014.

Paterson also highlighted guidance available on the Surveillance Camera Commissioner’s website that would have direct relevance to the use of wearables containing cameras.

“The rise of wearable technology brings exciting new possibilities and is set to become widespread in the years ahead,” he wrote.

“But organisations must not lose sight of the fact that wearables must still operate in compliance with the law and consumers’ personal information must be looked after.”

Paterson suggested that recent progress in hardware meant that wearable technology might become as common as mobile phones, as more and more technology companies start bringing out new devices that use personal information.

He added that products such as Google Glass, recently launched in the UK, were “set to take this processing of personal information to the next level”.

Paterson said there was “an important debate to be had around the privacy implications of wearable technology and it will ultimately be for society to decide how comfortable they are with wearables”.

He said if individuals were using a wearable technology for their own use then they would unlikely to be breaching the Act.

“This is because the Act includes an exemption for the collection of personal information for domestic purposes. But if you were to one day decide that you’d like to start using this information for other purposes outside of your personal use, for example to support a local campaign or to start a business, then this exemption would no longer apply.”