Jump to ContentJump to Main Navigation
Show Summary Details
More options …

Proceedings on Privacy Enhancing Technologies

4 Issues per year

Open Access
See all formats and pricing
More options …

Privacy Challenges in the Quantified Self Movement – An EU Perspective

Dominik Leibenger / Frederik Möllers / Anna Petrlic / Ronald Petrlic / Christoph Sorge
Published Online: 2016-07-14 | DOI: https://doi.org/10.1515/popets-2016-0042


The gathering of data about oneself (such as running speed, pulse, breathing rate, food consumption, etc.) is rapidly becoming more popular, and has lead to the catch phrase “Quantified Self” (QS). While this trend creates opportunities both for individuals and for society, it also creates risks, due to the data’s personal and often sensitive nature. Countering these risks, while keeping the benefits of QS services, is a task both for the legal system and for the technical community. However, it should also take users’ expectations into account. We therefore analyze the legal situation of QS services based on European law and the privacy policies of some major service providers to clarify the practical consequences for users. We present the result of a study concerning the users’ views on privacy, revealing a conflict between the user’s expectations and the providers’ practices. To help resolve the conflict, we discuss how existing and future privacy-enhancing technologies can avoid the risks associated with QS services.

Keywords: Quantified Self; Privacy


  • [1] adidas Group. Adidas Group acquires Runtastic. http://www.adidas-group.com/en/media/news-archive/pressreleases/2015/adidas-group-acquires-runtastic/, Aug. 2015. Press Release.Google Scholar

  • [2] I. Ajzen. The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2):179-211, 1991. Theories of Cognitive Self-Regulation.CrossrefGoogle Scholar

  • [3] Apple Inc. Developer: HealthKit. Webpage. https://developer.apple.com/healthkit/.Google Scholar

  • [4] M. Baldauf, S. Dustdar, and F. Rosenberg. A survey on context-aware systems. International Journal of Ad Hoc and Ubiquitous Computing, 2(4):263-277, 2007.Web of ScienceCrossrefGoogle Scholar

  • [5] M. B. Barcena, C. Wueest, and H. Lau. How safe is your quantified self? Technical report, Symantec, Aug. 2014. Version 1.1.Google Scholar

  • [6] M. Borghi, F. Ferretti, and S. Karapapa. Online data processing consent under EU law: a theoretical framework and empirical evidence from the UK. International Journal of Law and Information Technology, 21(2):109-153, 2013.Google Scholar

  • [7] J. Camenisch and A. Lysyanskaya. Signature Schemes and Anonymous Credentials from Bilinear Maps. In M. K. Franklin, editor, Advances in Cryptology - CRYPTO 2004, 24th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 2004, Proceedings, volume 3152 of Lecture Notes in Computer Science, pages 56-72. Springer, 2004.Google Scholar

  • [8] M. Conner and C. J. Armitage. Extending the Theory of Planned Behavior: A Review and Avenues for Further Research. Journal of Applied Social Psychology, 28(15):1429-1464, 1998.CrossrefGoogle Scholar

  • [9] A. Daly. The law and ethics of ‘self-quantified’ health information: an australian perspective. International Data Privacy Law, 5(2):144-155, 2015.Google Scholar

  • [10] R. Dingledine, N. Mathewson, and P. F. Syverson. Tor: The Second-Generation Onion Router. In M. Blaze, editor, Proceedings of the 13th USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA, pages 303-320. USENIX, 2004.Google Scholar

  • [11] Eugene Mandel. How the Napa Earthquake affected Bay Area sleepers. Webpage, August 2014. https://jawbone.com/blog/napa-earthquake-effect-on-sleep/.Google Scholar

  • [12] Flurry. Health and Fitness Apps Finally Take Off, Fueled by Fitness Fanatics. Webpage, June 2014. http://flurrymobile.tumblr.com/post/115192181465/health-and-fitness-appsfinally-take-off-fueled.Google Scholar

  • [13] M. Freedman, K. Nissim, and B. Pinkas. Efficient private matching and set intersection. In C. Cachin and J. Camenisch, editors, Advances in Cryptology - EUROCRYPT 2004, volume 3027 of Lecture Notes in Computer Science, pages 1-19. Springer Berlin Heidelberg, 2004.Google Scholar

  • [14] J. Girao, D. Westhoff, and M. Schneider. CDA: concealed data aggregation for reverse multicast traffic in wireless sensor networks. In 2005 IEEE International Conference on Communications, 2005, volume 5, pages 3044-3049 Vol. 5, May 2005.Google Scholar

  • [15] P. Gola, C. Klug, B. Körffer, and R. Schomerus. BDSG: Bundesdatenschutzgesetz: Kommentar. C.H.Beck, 11th edition, 2012.Google Scholar

  • [16] J. Grossklags and A. Acquisti. When 25 Cents is Too Much: An Experiment on Willingness-To-Sell and Willingness-To- Protect Personal Information. In 6th Annual Workshop on the Economics of Information Security, WEIS 2007, 2007.Google Scholar

  • [17] M. Gruteser and B. Hoh. On the Anonymity of Periodic Location Samples. In D. Hutter and M. Ullmann, editors, Security in Pervasive Computing, volume 3450 of Lecture Notes in Computer Science, pages 179-192. Springer Berlin Heidelberg, 2005.Google Scholar

  • [18] A. Hilts, C. Parsons, and J. Knockel. Every step you fake - a comparative analysis of fitness tracker privacy and security. Technical report, Open Effect, 2016. Version 0.3.Google Scholar

  • [19] R. Hoyle, R. Templeman, S. Armes, D. Anthony, D. Crandall, and A. Kapadia. Privacy behaviors of lifeloggers using wearable cameras. In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing, UbiComp ’14, pages 571-582, New York, NY, USA, 2014. ACM.Google Scholar

  • [20] M. Humbert, E. Ayday, J.-P. Hubaux, and A. Telenti. Addressing the concerns of the lacks family: Quantification of kin genomic privacy. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS ’13, pages 1141-1152, New York, NY, USA, 2013. ACM.Google Scholar

  • [21] C. Jensen and C. Potts. Privacy Policies As Decision-making Tools: An Evaluation of Online Privacy Notices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’04, pages 471-478, New York, NY, USA, 2004. ACM.Google Scholar

  • [22] C. Jensen, C. Potts, and C. Jensen. Privacy practices of internet users: Self-reports versus observed behavior. International Journal of Human-Computer Studies, 63(1-2):203-227, 2005. {HCI} research in privacy and security.CrossrefGoogle Scholar

  • [23] J. Kahn. RunKeeper, Withings, Strava, & iHealth plan HealthKit integration, excited for medical industry tie-in. Webpage, June 2014. http://9to5mac.com/2014/06/04/runkeeper-withings-strava-ihealth-plan-healthkit-integrationexcited-for-medical-industry-tie-in/.Google Scholar

  • [24] J. Kaye. Abandoning informed consent. In O. Corrigan and R. Tutton, editors, Genetic Databases: Socio-Ethical Issues in the Collection and Use of DNA. Routledge, Abingdon, 2004.Google Scholar

  • [25] A. D. I. Kramer, J. E. Guillory, and J. T. Hancock. Experimental evidence of massive-scale emotional contagion through social networks. Proceedings of the National Academy of Sciences, 111(24):8788-8790, 2014.Web of ScienceGoogle Scholar

  • [26] B. Latré, B. Braem, I. Moerman, C. Blondia, and P. Demeester. A survey on wireless body area networks. Wirel. Netw., 17(1):1-18, Jan. 2011.Google Scholar

  • [27] F. G. Martinez Perez, C. Sorge, R. Petrlic, O. Ugus, D. Westhoff, and Gregorio. Privacy Enhanced Architecture for Smart Metering. International Journal of Information Security, 12(2):67-82, 2013.CrossrefWeb of ScienceGoogle Scholar

  • [28] meetup.com. Quantified Self Meetups. http://www.meetup.com/en-US/topics/quantified-self/all/.Google Scholar

  • [29] A. Narayanan and V. Shmatikov. Robust De-anonymization of Large Sparse Datasets. In Proc. IEEE Symposium on Security and Privacy (SP 2008), pages 111-125, May 2008.Google Scholar

  • [30] quantifiedself.com. Guide to Self-Tracking Tools. http://quantifiedself.com/guide/.Google Scholar

  • [31] Reuters. Google unveils “Fit” health, fitness tracking platform. http://www.reuters.com/article/2014/06/25/googlehealthcare-idUSL2N0P61N820140625.Google Scholar

  • [32] D. Riboni, L. Pareschi, and C. Bettini. Privacy in georeferenced context-aware services: A survey. In C. Bettini, S. Jajodia, P. Samarati, and X. Wang, editors, Privacy in Location-Based Applications, volume 5599 of Lecture Notes in Computer Science, pages 151-172. Springer Berlin Heidelberg, 2009.Google Scholar

  • [33] runtastic GmbH. Facts About Runtastic. Available at https://www.runtastic.com/mediacenter/corporate-assets/english/company-overview/facts-about-runtastic_en_may2016.pdf, May 2016.Google Scholar

  • [34] Samsung. Intelligence for smarter health. Webpage. http://www.samsung.com/us/ssic/innovation_areas/#digitalhealth.Google Scholar

  • [35] P. M. Schwartz. The eu-u.s. privacy collision: A turn to institutions and procedures. Harvard Law Review, 126:1966-2009, 2013.Google Scholar

  • [36] J. Y. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The effect of online privacy information on purchasing behavior: An experimental study. Info. Sys. Research, 22(2):254-268, June 2011.Google Scholar

  • [37] G. Wolf. What is The Quantified Self. http://quantifiedself.com/2011/03/what-is-the-quantified-self/, Mar. 2011.Google Scholar

  • [38] C. K. Wong, M. Gouda, and S. S. Lam. Secure group communications using key graphs. In Proceedings of the ACM SIGCOMM ’98 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM ’98, pages 68-79, New York, NY, USA, 1998. ACM.Google Scholar

  • [39] A. C. Yao. Protocols for Secure Computations. In Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, pages 160-164, Washington, DC, USA, 1982. IEEE Computer Society.Google Scholar

  • [40] J. Zhang, V. Dibia, A. Sodnomov, and P. B. Lowry. Understanding the disclosure of private healthcare information within online quantified self 2.0 platforms. In 19th Pacific Asia Conference on Information Systems, PACIS 2015, Singapore, July 5-9, 2015, page 140, 2015.Google Scholar

About the article

Received: 2016-02-29

Revised: 2016-06-02

Accepted: 2016-06-02

Published Online: 2016-07-14

Published in Print: 2016-10-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2016, Issue 4, Pages 315–334, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0042.

Export Citation

© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. BY-NC-ND 4.0

Comments (0)

Please log in or register to comment.
Log in