Spanish Agencia Española de Protección de Datos – AEPD has issued a press release on the data protection implications of’IoB’ (internet of body) devices. These are devices connected to the Internet that monitor and/or act on vital signs, biometric data, and health indicators (e.g. physical activity, sleep quality, and sports activity).

IoB devices include external, implicated and body fused devices.

Key takeaways:
  • Reliability, robustness against cyberattacks and the resilience of all the processing in which the devices are framed must be the maximum possible.
  • Apply the principles of data protection by design and by default, in addition to security measures.
  • Be mindful of connectivity through the internet incorporates the generation of metadata, including geolocation data, which could lead to the profiling of individuals, obtaining data on emotional reactions, cognitive abilities, mental health, preferences etc.
  • Assess the risks of the processing operations in which these devices are incorporated, not only of the devices themselves.
  • Assess third-party access to the data.

Read the full release.