Fitbit Touts Research Protections Amid Expansion

Stay ahead of developments in federal and state health care law, regulation and transactions with timely, expert news and analysis.

By Alex Ruoff

May 18 — Wearable fitness tracker company Fitbit has adopted many of the same privacy practices as clinical research organizations, despite having none of the legal obligations of one, according to the head of research for the company.

Researchers at the country's largest maker of fitness trackers regularly test new features for the company's products on one another and examine the behavior of Fitbit customers for insight, Shelten Yuen, vice president of research at Fitbit, told Bloomberg BNA May 17. The company takes steps to use anonymous data—information that doesn't contain identifying information such as names or location—and guards against experimental biases, similar to clinical research organizations.

Recently, Fitbit began offering employees small rewards for volunteering to participate in research, an effort to emphasize that being a human guinea pig for the company is optional, Yuen said.

“We do a lot of our internal research on ourselves,” he said. “What we've learned is that you certainly feel some pressure when solicited by a coworker, so it might not feel voluntary, even though it is.”

Fitbit and the Center for Democracy and Technology (CDT), a privacy and civil liberties advocacy organization, want to hold the company up as an example of how digital health companies should undertake internal research and development. The CDT May 18 released a report that outlines Fitbit's research practices and recommends ways similar companies should behave.

Companies that make wearable fitness devices—like step counters, sleep trackers and heart rate monitors—are increasingly facing ethical questions related to their use of data, Michelle De Mooy, deputy director for the Privacy and Data Project at the CDT, said.

Fitbit's research and development team has grown significantly, according to financial filings by the company. The company spent $72.2 million on research in the first quarter of 2016, more than triple than in the first quarter of 2015. Altogether, the company has spent roughly $150 million on research and development since the beginning of 2015.

The company has lauded partnerships with medical groups such as the Dana-Farber Cancer Institute to support clinical research, but has insisted these partnerships are separate from its internal research and development work.

Fitbit is unique among digital health companies in that it is trying to rely less on consumers by regularly pushing out new and innovative products. The company this year announced it is working on more advanced sensors and moving in a more clinical and medical-grade direction.

Ethical Questions

While much of the focus from regulators and the public has been on examining what digital health companies do with consumers' data, these companies are also increasingly performing advanced research, Michelle De Mooy, deputy director for the Privacy and Data Project at the CDT, told Bloomberg BNA.

De Mooy, who authored the report on Fitbit's privacy practices and interviewed a dozen of the company's employees, said this raises new questions about how digital health companies are performing research, such as whether they're taking steps to protect their customers' and employees privacy.

“We want companies to ask these ethical questions about their R&D process,” she said.

The report, shared with Bloomberg BNA ahead of its release, said wearable companies need to warn their users if they plan to use their data for research and development. Consumers should also be empowered to delete their personal information from the products they buy, the report said.

Privacy Concerns

However, digital health companies aren't bound by law to offer consumers any of these protections, Pam Dixon, executive director and founder of the World Privacy Forum, a privacy advocacy organization, told Bloomberg BNA May 17.

Dixon said her organization wants makers of wearables to be held to similar standards as health-care organizations, which must obtain explicit consent to perform many kinds of clinical research and must allow people access to any information pertaining to them.

“This isn't some toy we're talking about, the technology is collecting health data,” Dixon said. “These companies are moving into the ranks of actual clinical research and it's important to have these privacy protections in place and bound by law.”

A Culture of Protection

Fitbit researchers aren't worried about encroaching regulation, Yuen told Bloomberg BNA. He said there are few indications that federal regulators or states have any interest in restricting the company's internal research and development work.

Many of the engineers at Fitbit and other digital health companies have experience with clinical research, Yuen said. For example, Yuen himself previously worked to develop robots that perform surgeries.

This experience has prompted many at the company to take precautions with research efforts, particularly when using customer data, he said.

“We knew early on that users were concerned about what we'd do with their data,” Yuen said. “So we've tried to do the right thing.”

Strong privacy policies, like those adopted by Fitbit, are intended to protect from issues other large companies have faced in the digital health space. Internet giant Google Inc. in 2012 agreed to pay $22.5 million to settle Federal Trade Commission claims that it misled people about its privacy policies. The company similarly settled a class action lawsuit in 2015 for $8.5 million where the search engine was accused of improperly selling users' personal data to third-party organizations (In re Google Referrer Header Privacy Litig., 2015 BL 95117, 87 F. Supp. 3d 1122 (N.D. Cal. 2015).

To contact the reporter on this story: Alex Ruoff in Washington at

To contact the editor responsible for this story: Kendra Casey Plank at

For More Information

The CDT report is at

Request Health Care on Bloomberg Law