Want to use wearables? Can you justify their use?

Wearables: what exactly are they?

The Oxford English Dictionary refers to them as:

A wearable commodity, an article of clothing. Chiefly in pl

Surprisingly perhaps, the word has been in use since at least 1711.

Even Charlotte Brontë used it, in 1849, in her second novel Shirley (although admittedly, she was probably thinking of petticoats and chemises at the time, not pieces of kit that often have more computing power than the rocket which propelled humans to the moon).

In essence, 'wearables' now typically means wearable technology: think more Buck Rogers-style sunglasses and less Victorian frumpiness.

So what does this mean in practice?

It is becoming clear that practitioners and businesses need to tread very carefully in this developing area. This term is not as innocuous as it sounds. Whilst there is no standalone law on this tech—no Wearable Technology (Permitted Uses) Regulations 2014—many existing laws, such as the Data Protection Act 1998, do apply to its use. There is also now guidance on how these devises can be used (such as from the ICO).

To this end, last week, we had a first look at the latest ICO guidance on wearable technology: Want to use wearable technology in your business? Check out new ICO guidance first. We also checked out the ICO's useful seminar on the subject a few days later:

https://twitter.com/ICOnews/status/524219081978048513

In essence, the main issue for many businesses is whether they can use devices (such as Google Glass) to record their customers.

It certainly looks as though this will be difficult to justify in many cases. For example, since our post last week, we asked the ICO the following question on this technology:

[T]he new guidance states that there has to be, eg, a pressing social need to use wearables & their use has to be necessary. How realistic is this for businesses that want to use wearables? What can businesses realistically do to comply?

Ignoring my excited overuse of the word 'realistic', here's the ICO's response:

Before businesses begin using wearable technologies to collect personal information they must be able to justify its use and need to consider whether its introduction is proportionate, necessary and addresses a pressing social need. If you are going to use audio recording, as well as visual recording, the collection of audio and video needs to be justifiable. In order to do this businesses should carry out a privacy impact assessment and adopt a privacy by design approach to limit the impact the use of this technology has on a person’s privacy - our guidance explains how businesses can go about doing this.

There’s a clear balance that needs to be struck, but any business should be able to provide a person with a justifiable reason to explain why their information is being collected in this manner. If they can’t, then they’re likely to be breaching the Data Protection Act.

That is a high threshold. Moreover, there isn't any really guidance as to what a 'pressing social need' is in the context of wearable technology.

To understand the concept of 'pressing social need', we need to look at human rights law and this is where things get a bit messy. Businesses usually think that the Human Rights Act 1998 doesn't apply to them and, as a rough rule of thumb, they're usually right: this law applies in the main to public authorities.

However, the 1998 Act may apply in some cases (following the Michael Douglas/ Catherine Zeta-Jones case against Hello! magazine in 2001) and, in any event, so far as possible the courts interpret English law to comply with the European Convention on Human Rights (ECHR) which the 1998 Act incorporated into English law.

In other words, the courts will typically lean towards the principles in the ECHR in interpreting and developing the Data Protection Act 1998.

So what does all this mean?

It means that the right to privacy may have a much more important role to play in the development of wearables than many lawyers or businesses think.

The EU's data protection advisory body's guidance on 'pressing social need' (albeit in a slightly different context) may therefore be of help here:

... after reviewing much of the ECtHR’s jurisprudence in this area, it seems when thinking about (and this is not an exhaustive list) the ECtHR has highlighted possible factors when assessing [what] ‘pressing social need’ might be:

* Is the measure seeking to address an issue which, if left unaddressed, may result in harm to or have some detrimental effect on society or a section of society?
* Is there any evidence that the measure may mitigate such harm?
* What are the broader views (societal, historic or political etc) of society on the issue in question?
* Have any specific views/opposition to a measure or issue expressed by society been sufficiently taken into account?

Are there many businesses that can answer 'yes' to all of these questions in all circumstances?

I doubt it.

The use of the technology for security purposes may be justified in some circumstances but it is difficult to see how, for example, staff wearing special glasses could constantly record customers just because it 'looks cool'.

The use of this tech demands a sophisticated approach: look at the ICO guidance. Consult a lawyer specialising in this area.

In the meantime, keep an eye out for the Wearable Technology (Permitted Uses) Regulations 2014, or 2015, or 2016...

(To be fair, you may have a long wait.)

In any event, if you are keen to understand the challenges in this area, feel free to join the Halsbury's Law Exchange team at its event Wearable technology & the impact on society and privacy to be held on 4 November at the Royal College of Physicians Museum. The panel discussion will involve leading practitioners and commentators and will be chaired by leading legal journalist Joshua Rozenberg. Tickets are free. Drinks and networking will follow the event. Click here for more details.