Over the past few years, there’s been a surge in the popularity of health tracker devices and applications that keep tabs on health information such as your heart rate, the number of steps you take a day, how much you weigh, how much sleep you get, and even your daily water intake. In 2017, 24 percent of consumers reported using a wearable fitness tracker, and 24 percent reported using a health tracking app (this doesn’t mean that 48 percent of consumers used either a fitness tracker or an app—undoubtedly some consumers used both). In 2018, the six most popular fitness tracking apps had a total of 71.3 million active users. And that raises some internet privacy concerns.

Like any device or application connected to the internet, health tracker services collect an enormous amount of data about you. And any connected device gathering personal information implicates internet privacy.

If you use a health tracker you should worry about internet privacy

That fitness and health tracker you wear on your wrist transmits really personal information — just one reason we need internet privacy protections.

For example, researchers used data from one fitness tracking company to determine the location of secret army bases and the actual movements of U.S. soldiers. We are already seeing some insurance companies using fitness tracking data to set health insurance rates.  From a privacy perspective, that’s really intrusive and quite scary—especially when you consider the fact that most consumers aren’t aware that their health tracker data is being shared with, and often sold to, third parties.  In response to these issues, last Friday, U.S. Senators Amy Klobuchar and Lisa Murkowski introduced legislation to give consumers greater control over the data that health tracker apps collect, including the ability to review, change, and delete their health tracking data.

This legislation is important, but it also misses the bigger internet privacy picture.

As I mentioned above, the fitness tracking devices and apps collect health tracking data are connected to the internet. That’s how the fitness tracking companies collect your data—the device or app sends the data through your Wi-Fi or mobile broadband connection to the company. And the company that owns that Wi-Fi or mobile broadband connection? That’s your Internet service provider, or ISP. If you think about it, your broadband connection is your only “pipe” to the Internet—to access a website, or send an email, or make an online payment, that data has to be handled by your ISP. While a health tracking company may collect your health tracker data, or a website like Amazon may collect information about your shopping habits, your ISP is the only company with the ability to collect every single piece of data you send out across the internet. If the idea that your smart watch is collecting data about your health is scary, the fact that your ISP is collecting everything ought to be terrifying.

If you bring up internet privacy with your ISP, the response will likely be platitudes like, “We here at Cable Company take our subscribers’ privacy very seriously,” or fake outrage like, “We would never share customer data!  How dare you say so!” But here’s the thing: for years now, I’ve been asking ISPs to tell me what data about consumers they collect, and who they share that data with, and how much money they make sharing that data. And the only information that ISPs have consistently refused to share with me? The answers to those questions.  Based on that ISP behavior, I’m pretty confident that (1) your ISP collects a ton of data about you, (2) they sell that data to anyone willing to pay for it, and (3) they make a whole bunch of money by selling your data. Not only is your ISP charging you outrageous fees every month, it’s also making a ton of profit by tracking data about you.

So what can you do about it? Well, you could install software to set up a virtual private network (VPN), which encrypts all your online data. Or you could be lucky enough to live in a state like California, where advocates are working to create the strongest internet privacy protections in the nation. But really, the only long-term solution is a set of nationwide privacy protections.  Getting those nationwide privacy protections has been, and will continue to be, a pitched battle—selling data is a very lucrative business, and ISPs are willing to spend an enormous amount of money on lobbying.  It’s going to be a tough fight, but it’s a fight that’s worth it.