Will research teams and IRBs have to rethink how they view data collected from wearable devices? A recent paper finds that supposedly anonymous data from wearables that measure things like heart rate, gait, and other parameters can be used to reidentify individuals. The authors report that “…reidentification risks from wearable device data are higher than previously appreciated. Moreover, the minimum data duration for reidentification ranged from 1 to 300 s, suggesting that very small amounts of data can be sufficient to pose a privacy risk in seemingly anonymised biosensor data.” The study involved examining previously published studies examining reidentification of people from biometric signals from wearable devices. Data from these types of devices can be combined with other publicly available datasets to reidentify individuals.A graphic in the paper indicates that Correct Identification Rates exceeding 85 percent were achieved in studies looking at people using wearables while eating pasta, brushing teeth, or typing.
The study makes for reading that’s both fascinating and more than a little unsettling.