How Much Is Too Much? Should Life Insurance Providers Use Your Digital Data To Determine Your Health and Premiums?

Wearable health and fitness tracking devices, such as Fitbit, and mHealth technology, such as Apple’s mobile applications, have become so ubiquitous that they have permeated into most of our lives. It should therefore come as no surprise that companies are interested in the potential wealth of data that they represent.  

In the United States, insurer John Hancock (owned by Manulife Financial), began a pilot program in 2015 with its life insurance policies where a points-based system was used to potentially reduce the cost of life insurance. This is done through logging of activities the company has set as healthy habits, logging physical activity through the use of a wearable device such as a Fitbit, and other online methods of engagement. This program has now been moved from the pilot stage to a permanent feature.[1] In Canada, Manulife offers this same type of program through their Manulife Vitality program. Manulife has outsourced the associated data collection and analyzing for the operation of this program to the United States based company Vitality Group. In a similar vein, the Federal Government’s Impact and Innovation Unit has proposed that public servants be offered the use of fitness tracking devices to reduce their life insurance premiums.[2]

Although the use of these technologies as a method of determining life insurance premiums is framed as a beneficial cost saving exercise that can blend easily with daily life and promote a healthier lifestyle, their use is concerning.  Users should be cautious before entering into one of these programs, as Dr. Avner Levin, a professor with Ryerson University’s Ted Rogers School of Management, put it, “…they start out as a positive incentive, but then it morphs from a carrot into a stick. The stick is you are going to lose some coverage or are going to have to pay an additional premium because you are deemed to be less healthy. It’s a bit like mission creep.”[3]

Canada’s current health information regulations are based on the assumption that this data is collected in a more traditional manner through hospitals and physicians. Martin Sumner-Smith, a consultant to digital health companies in Toronto, described the new challenges to Canada’s current health information regulatory framework,

But soon you’re going to see patients coming with a massive amount of data that they themselves have collected. There is no clarity yet on what is legally possible. The biggest challenge is that a lot of devices are U.S.-based, so the data is stored on U.S. servers. From a Canadian perspective, they may not conform to privacy requirements.”[4]

In the wake of the global scandal with Cambridge Analytica and Facebook data use, concern over personal data collection and its use has become an increasing concern for our digital age.  Users of fitness tracking devices and health apps often do not own their own data, instead the manufacturer owns the data and determines its potential third-party use. Kit Huckvale MBChB MSc PhD, John Torous MD, and Mark E. Larsen MEng DPhil conducted a study of 36 top-rated apps for depression and smoking cessation to determine what happens to the data that these apps acquire. The data collection stage of their study ended in June of 2018, and their findings were published in April of 2019.[5] The study found, 

After interception and inspection of internet traffic generated by each app, data transmission to 1 or more third parties was identified for 33 of 36 apps (92%) (compared with 12 of 36 [33%] which data were transmitted to a destination operated by the developer) … Almost half of the apps (17 of 36 [47%]) transmitted data to a third party but lacked a privacy policy (9 apps), failed to disclose this transmission in policy text (5 apps), or explicitly stated that transmission would not occur (3 apps). [emphasis added] Among the 36 apps, 29 (81%) transmitted data to analytics and advertising or marketing services operated by 2 commercial entities, Google and Facebook, but only 17 of the 29 (59%) disclosed transmission in a policy.[6]

The study further found that most of the apps did not offer the users a method of determining what data would be shared, and found that the data found being shared to third parties included fixed device identifiers and advertising identifiers.[7] The authors also made a point to highlight that data transfer could mean that the user’s data could also be moved to jurisdictions with fewer protections and the data could be exploited or be subsequently transferred to further third parties.[8] It should also be noted that data collected by apps and wearable devices, when used with more sophisticated algorithms, can cross-reference the obtained health data with other traces of the user’s behaviour, such as activity types and location, to reveal the user’s identity.[9] The significance of the transfer of a user’s sensitive health data, especially when it may be explicitly contrary to a privacy policy, cannot be underscored enough as a major point of concern for users.

Along with concerns over the privacy of a person’s health data, the use of wearable fitness technology is concerning because of questions regarding the accuracy of these devices and programs. Fitness tracking devices, such as Fitbit, are designed for personal use and not medical testing. They are also designed to track only certain activities, such as running or walking, leading to inaccuracies regarding a calculation of a user’s fitness level.[10] These devices also do not account for challenges faced by those with physical limitations. Error margins within these devices in what activity they actually log, has been found to be up to 25%.[11] The lack of reliability and accuracy in the data collection capability of wearable fitness tracking devices and apps is a major problem if these are to be used for medical applications and as a means of determining the health of an individual.

It is expected that the wearable electronic devices industry, which includes fitness tracking devices, could reach over 150 billion dollars annually by 2027.[12] With this being such a potentially lucrative industry, and the protentional wealth of data the industry possesses, it is unsurprising that insurance companies will want to tap into this industry and use its data. The question is now whether use of this data in insurance will become as ubiquitous as the devices themselves, despite the above-noted concerns with their use.

[1] “All John Hancock life insurance policies to include fitness incentives” CBC (September 20, 2018), online: <>.

[2] Dean Beeby, “Federal agency looking at fitness trackers for public sector workers” CBC (March 12, 2019), online: <>.

[3] Pete Evans, “Manulife to offer Canadians discounts for healthy activities” CBC (February 9, 2016), online: <>.

[4] Rafal Gerszak, “How insurers are turning to fitness apps to decide your health coverage” The Globe and Mail (December 19, 2013, updated May 11, 2018), online: <>.

[5] Kit Huckvale, John Torous, Mark E. Larsen, “Assessment of the Data Sharing and Privacy Practices of Smartphone Apps for Depression and Smoking Cessation” (2019) JAMA Network Open.

[6] Ibid, at page 4 of 10.

[7] Ibid, at page 6 of 10.

[8] Ibid, at pages 6-7 of 10.

[9] Lucas Piwek, David A. Ellis, Sally Andrews, Adam Joinson, “The Rise of Consumer Health Wearables: Promises and Barriers” (2016) PLoS Med 13(2).

[10] Matt Smith, “Fitness-Tracking Apps Are Changing Life Insurance” Good Times (December 17, 2018), online: <>.

[11] Piwek, Ellis, Andrews, and Joinson, supra note 9.  

[12] Zoe Adams, “Does the Quantified-Self Lead to Behaviour Change?” The Decision Lab (November 2017), online: <>.

Rebbecca Phillips
Written by

Rebbecca Phillips is a lawyer at Lamont Law in Hamilton, Ontario. She obtained her LL.B. from the University of Kent in Canterbury, England, and was called to the Bar in 2017. Rebbecca is a member of the Hamilton Law Association, the Ontario Trial Lawyers Association, and the Ontario Bar Association.