Privacy in Wearable Devices Used in Healthcare in Bangladesh

1. Introduction

Wearable healthcare devices—such as smartwatches, fitness trackers, glucose monitors, ECG patches, and smart health bands—collect continuous and highly sensitive personal health data. In Bangladesh, their use is increasing in telemedicine, private hospitals, fitness programs, and remote patient monitoring.

However, these devices raise serious privacy and data protection concerns because they collect:

  • Heart rate and ECG data
  • Blood glucose levels
  • Sleep patterns and stress indicators
  • GPS/location tracking
  • Continuous biometric monitoring
  • Behavioural and lifestyle data

Since this is health data (sensitive personal data), the privacy risks are significantly higher than for ordinary digital data.

2. Legal Framework in Bangladesh

(a) Constitutional Protection

  • Article 43 of the Constitution of Bangladesh
    • Protects privacy of correspondence and communication.
    • Interpreted broadly to include digital and health-related data.

(b) Cyber Security Act 2023

  • Governs unauthorized access, hacking, identity misuse, and digital harm.
  • Relevant for wearable devices when:
    • Health data is hacked
    • Data is stolen or leaked
    • Unauthorized tracking occurs

(c) Digital Governance Context

  • No dedicated “Health Data Protection Law” yet exists.
  • Medical data is regulated indirectly through:
    • Hospital policies
    • Telemedicine guidelines
    • General cybercrime provisions

3. Privacy Risks in Wearable Healthcare Devices

Wearable devices create unique privacy challenges:

(1) Continuous Data Collection

  • Always-on tracking without active user control.

(2) Biometric Sensitivity

  • Health data can reveal diseases, pregnancy, and mental health conditions.

(3) Data Sharing with Third Parties

  • Insurance companies, advertisers, app developers.

(4) Weak Security in Low-cost Devices

  • Many imported devices lack encryption standards.

(5) Cross-border Data Transfer

  • Data stored on foreign servers (cloud platforms).

(6) Lack of Informed Consent

  • Users often do not fully understand data usage.

4. Case Law Principles Relevant to Wearable Health Data Privacy

Bangladesh has limited direct case law on wearable healthcare devices. Therefore, courts rely on constitutional interpretation and persuasive foreign judgments.

5. Important Case Laws

1. Kharak Singh v State of Uttar Pradesh (1962, India)

  • Recognized that intrusive surveillance violates personal liberty.
  • Though not explicitly about digital data, it set early privacy principles.

Relevance to wearables:
Continuous monitoring of a person’s body functions (heart rate, movement, location) is similar to surveillance and can violate privacy if uncontrolled.

2. Gobind v State of Madhya Pradesh (1975, India)

  • Expanded the concept of privacy as part of personal liberty.
  • Introduced the idea that privacy is not absolute but must be reasonable.

Relevance:
Wearable health monitoring must be reasonable, proportionate, and consent-based.

3. People’s Union for Civil Liberties (PUCL) v Union of India (1997, India)

  • Held that telephone tapping is a violation of privacy unless properly authorized.
  • Introduced safeguards for interception of communication.

Relevance:
Health data transmitted from wearable devices (via Bluetooth or internet) cannot be intercepted or accessed without lawful authority.

4. Justice K.S. Puttaswamy v Union of India (2017, India)

  • Landmark judgment declaring privacy a fundamental right.
  • Established key principles:
    • Consent
    • Data minimization
    • Purpose limitation
    • Proportionality

Relevance to wearables:
Health data collected must be:

  • Necessary
  • Explicitly consented to
  • Used only for stated medical purposes

5. Roman Zakharov v Russia (2015, European Court of Human Rights)

  • Addressed mass surveillance and lack of safeguards.
  • Held that uncontrolled interception violates privacy rights.

Relevance:
If wearable health data is continuously collected and transmitted without safeguards, it may resemble mass surveillance.

6. Carpenter v United States (2018, U.S. Supreme Court)

  • Held that historical mobile location data is highly sensitive and requires warrant protection.
  • Recognized digital metadata as protected privacy information.

Relevance:
Wearable devices that track GPS, movement, and lifestyle patterns must treat such data as highly sensitive personal information.

7. Google Spain SL v AEPD (2014, EU Court of Justice)

  • Established “Right to be Forgotten.”
  • Individuals can request removal of personal data from search results.

Relevance:
Users may request deletion of wearable health data from apps or cloud systems after treatment or use ends.

8. Vidal-Hall v Google Inc (2015, UK Court of Appeal)

  • Held that misuse of personal data can cause psychological harm even without financial loss.
  • Strengthened data protection enforcement.

Relevance:
Leakage of wearable health data (e.g., disease conditions) can cause emotional distress and legal liability.

6. Application to Wearable Healthcare Devices in Bangladesh

(a) Consent Requirement

Users must clearly agree to:

  • What health data is collected
  • How long it is stored
  • Who can access it

(b) Data Security Obligations

Manufacturers and healthcare providers should:

  • Encrypt health data
  • Secure cloud storage
  • Prevent unauthorized access

(c) Limitation on Data Use

Health data should not be used for:

  • Insurance discrimination
  • Marketing without consent
  • Sale to third parties

(d) Cross-border Data Transfers

Since many wearable apps store data abroad:

  • Users’ health data may be outside Bangladesh’s jurisdiction
  • This increases regulatory risk

(e) Right to Access and Deletion

Inspired by international principles:

  • Patients should be able to delete or correct wearable health records

7. Key Legal Principles Derived from Case Law

From the above cases, the following principles apply:

1. Health Data is Highly Sensitive

(Puttaswamy, Carpenter)

2. Continuous Monitoring Requires Strong Justification

(Kharak Singh, Zakharov)

3. Consent is Central

(Puttaswamy, PUCL)

4. Surveillance-Like Data Collection Must Be Regulated

(Zakharov)

5. Data Misuse Causes Legal Liability Even Without Financial Loss

(Vidal-Hall)

6. Individuals Have Control Over Personal Digital Data

(Google Spain)

8. Conclusion

Privacy in wearable healthcare devices in Bangladesh is an emerging legal issue shaped by constitutional rights and foreign judicial precedents. Although Bangladesh lacks a dedicated health data protection law, Article 43 of the Constitution and the Cyber Security Act 2023 provide partial safeguards.

International case law clearly shows that biometric and health data collected by wearable devices is highly sensitive and requires strict protection, consent, and transparency.

As wearable healthcare technology expands in Bangladesh, stronger data protection laws and regulatory frameworks will be essential to ensure that continuous health monitoring does not become continuous surveillance.
