I saw a Sophos post earlier this week about fitness apps and privacy. You could substitute nearly any type of app into the first part of that statement, because with nearly every app you use, free or paid, some data is collectable about you.  Most apps, unlike a lot of software, do not have high profile privacy policies you have to read before you install the application.  You may choose to click on the Agree button for most software, either without reading or with a perfunctory skim, but apps don’t even make the pretense.  You install them, you try them, and if you like them, you use them.

I use several fitness apps, and I confess, I’m not knowledgeable about what they claim they will or won’t do with my data.  Why is this a big deal?  My doctor may have very similar data about me, but my doctor and his staff have strict rules about what they can and cannot do with that data. Fitness apps have no such restrictions.

What should we do?  I like having the data available to me.  I love the convenience of the data being on any of my devices and automatically updated, but to do that, I need to use the company’s database on their servers.  In several cases, I’ve granted the company permission to share my data with other app companies, and I do that for my convenience.  I want my Withings scale to update my Fitbit and Lose It! apps.

I checked Withings’ privacy policy.  They are adamant they want to protect my information, yet they absolve themselves of all responsibility if anything happens to compromise it.  It’s governed by French law.

Fitbit is pretty clear about how they use my data and why. Third party interactions are those authorized by me (to share with Withings and LoseIt!, for example) or for order fulfillment (when I ordered my extra charging cable, for instance, they needed to be able to tell whomever shipped it where to send it), and for internal research.  They claim anything going outside the company is anonymous aggregate data.

LoseIt! also has a detailed privacy policy.  Of probable interest is the knowledge that if you only use their app on my phone and do not connect to anything else and only use the free app, all data stays on my phone and doesn’t go anywhere else — including to LoseIt!  They go on to explain other aspects of the service and how and when data might be used.

These policies all seem straightforward, allowing the apps to do things I’m likely to want them to do while making a prudent effort to protect my recognizable data.  These three companies have a solid, commercial reputation, and their business is tied to how well they protect this data.

What about companies like Google, Apple, and Facebook whose core business is not fitness or health-related activities?

Google has a reputation for hoarding personal data and information, and this could be one more prong in developing a full profile for a person. Apple does not have a reputation for playing fast and loose with their customer’s information, but they are buying up companies who have been focused on fitness areas recently.  Facebook recently purchased the Moves app, which I used on my iPhone briefly before finding better things and deleting it.  Fitness and health apps are hot and stand to be very profitable.  I’m sure each of these companies are making business decisions to move into this area, but will they do so at our expense?

As consumers, we’re caught in a bind. We can vow to stay off line and go old school (at least for a little while) by weighing on an unconnected scale or tracking personal information in paper notebooks — or not bothering with it at all.  Or, we can embrace the technological capabilities available to us, reading privacy policies (understanding they are subject to change at any time) before investing in the technology that will do the things we want it to do.

These questions are only going to become more difficult to answer in the future.  What are your thoughts?