Design and Tech

Will Our Fitness Data Be Used Against Us?

Your activity tracker knows a ridiculous amount about you—from the wear on your running shoes to what coffee shop you'll stop at on your next ride. And that data's getting shared for financial gain.

Will Our Fitness Data Be Used Against Us?

Fitness-tracking companies have a lot of data to work with, but insist that they have good intentions and know the risks. Photo: Fitbit

Every day that I log training miles, I look forward to the Moment of Download.

That’s when I beam my workout info—stats like power, heart rate, and mileage—from my GPS-equipped bike computer to my Strava account. Seconds later, the fitness-tracking site presents a beautiful snapshot of all the data that matters most to a bike geek like me: The week’s mileage! Peak wattage! How I rank against my buddies on our favorite climb! For a slice of time, I escape work and life’s logistics, and lose myself in numbers and digital-fitness fraternalism. I am in a state of data-tracking-induced bliss.

I’m certainly not contemplating the notion that my fitness data might be used against me in a court of law, or exploited for corporate gain. But perhaps I should. I count myself among the many—arguably, most—athletes who are clueless to the fact that such downloaded data is collected, potentially accessible to the likes of insurance companies and litigators, and in certain ways, the property of the outfits that gather it.

That’s right: The numbers we generate with our own blood, breath, and sinew are not entirely our own. These are prickly issues that athletes face now and likely will into the distant future. Welcome to the dawn of a love-hate relationship with the useful yet potentially invasive ways our training is tracked.

“Definitely everyone is thinking about the data,” says Jonah Comstock, an associate editor at the online business publication MobiHealthNews. “Companies know what they have. The question is, how will they use it?”

Two particularly high-profile, fitness-oriented social networking sites each have arsenals of data: Six-year-old Strava has information from well over 160 million individual rides and runs, and its mobile app is now available in 11 languages. MapMyFitness, which incorporated in 2007, has over 31 million registered users. On a nice summer day, MMF will collect one million fitness downloads. Yes—health snapshots of a million people in a single day. These companies know ridiculous amounts about us and to some extent, they’re already exploiting it for financial gain. At this very moment, however, not only are we unscathed by the maneuvers, we’re benefitting from them.

Last year, Strava launched Strava Metro, an arm of the business that licenses up to a year’s worth of relevant exercise data, such as routes most preferred by cyclists and runners, to government organizations. Ideally such data will be used to help those organizations better design and locate exercise-friendly paths, bike routes and lanes, and additional supporting infrastructure. All of the information sold, Strava says, is aggregated, anonymized, and specific to the community or region that made the purchase.

The Oregon Department of Transportation was the first organization to buy Strava Metro data, paying $20,000 last September to access the info. Other Strava Metro clients include the city governments of Evanston, Illinois, as well as the United Kingdom’s London and Glasgow. Strava says it’s on pace to work with 20 to 40 additional metro areas in 2015.

Meanwhile MapMyFitness has performed similar work, providing information on the commuting habits of local riders to cities like Denver in the name of making streets more bicycle-friendly. “We see it as part of being a good citizen,” says MapMyFitness general manager Chris Glode. “We’re analyzing a lot of data for Denver.”

Bigger returns on our fitness data involve product partnerships, which is where data tracking starts to take on more of a Big Brother vibe.

Last year, Under Armour-owned MapMyFitness launched Gear Tracker, which gives users of MapMyFitness apps (of which there are six, including MapMyWalk and MapMyRun) an ability to track their shoe wear. After 300 to 500 miles, users receive email notifications that their running shoes are likely wearing thin, and get offers to buy a new pair of the same sneakers from In turn, Zappos pays MMF a flat but undisclosed fee for the “sponsorship” opportunity.

The upside must be good. MapMyFitness has similar corporate tie-ins with Subaru and Purina—companies that both want to associate with MMF’s MapMyDogWalk app. And in early February, Under Armour announced the acquisition of fitness-tracking apps MyFitnessPal and Endomondo. The total outlay of $560 million creates a burgeoning audience for Under Armour and its corporate clients: Under Armour now has a portfolio of 120 million online fitness users.

“One thing we emphatically know is that the more they work out, the more apparel and footwear they’re going to ultimately buy,” Under Armour Chief Executive Kevin Plank told reporters in the wake of the business deals. Strava hasn’t—yet—created digital gear malls, but the site does let users track the wear of their running shoes, as well as cycling components like bike chains, tires, brake pads, and cycling-shoe cleats.

“Sometime in the future we may service the athlete by automating their purchases of what they need, like new tires or more sports nutrition,” says Strava co-founder and president Michael Horvath. “The supplies could just show up in the mailbox.”

Plenty of subscribers won’t see these exchanges or potential services as insidious or predatory—especially in this day and age, where in Orwellian fashion, companies like Google regularly festoon the web pages we view with tailored ads.

Both Google and Apple, by the way, are also in the business of health-data acquisition via proprietary apps, and in the case of Apple, every iPhone purchased nowadays comes with its Health app. Health both captures fitness data via the phone’s accelerometers, and aggregates it courtesy of third-party companies like Strava. Still, Google and Apple, as well as MMF and Strava, also insist that users have the ability to keep their data private.

But the entrepreneurial minds at these hungry technology orgs are always working, often at a clip faster than ours when it comes to checking privacy-policy boxes in the fine print of freshly downloaded software. Strava, for instance, can now determine which stores, cafes, and eateries its cycling users frequent while using the app to record a ride. You can learn more about the technology—which Horvath says doesn’t yet have a specific intent—at Strava Labs “Top Stops.”

The opportunity to profit on our very physical well being also remains a possibility. Downloading data after having a notably bad run could someday result in a pop-up ad for arnica or cheap ibuprofen. Returning to one of the fitness sites after a long absence could trigger a commercial brought to you by some fad diet.

Of course, insurance companies would likely relish access to our health data as well, even if only to confirm that we’re in decent shape. A small health insurance startup called Oscar already offers customers $20 Amazon gift cards for logging a certain number of steps monthly via a fitness-tracking bracelet.

On the occasion when we’re not so healthy—for example, due to a cycling accident—an insurance company might want to know precisely where we were, or how fast we were traveling at the moment of impact. No doubt, they’d love to pin the fault on someone other than their client. Lawyers, in fact, are already trying to do just that.

In a pending personal-injury lawsuit filed by a Calgary, Canada-based law firm, attorneys are mining data from a Fitbit fitness tracker. The woman filing the suit—a personal trainer—hopes that the data currently stored by her wearable helps prove that she isn’t nearly as active as she once was, or what would be considered optimal for someone in her profession. The accident that arguably slowed her down occurred over four years ago.

The case—reportedly the first to tap wearables data for evidence—raises a parade’s worth of potential red flags on the topic of fitness data and privacy, not the least of which is the data’s accessibility.

Despite being health-related, our captured fitness information isn’t specifically shielded under the Health Insurance Portability and Accountability Act (HIPAA) when it’s stored in wearables, bike computers, or on a social networking site like Strava. If law enforcement wants your fitness or location information badly enough—if the data is, for example, subpoenaed—the Web companies may surrender it. Certainly they already have.

Another big question is who actually owns the downloaded data. While MMF’s Glode insists that his company gives its users every chance to wall off their numbers, Under Armour’s “User Privacy Policy” states that declining to submit personal or location information may mean “that we are unable to provide certain Services to you.” As for Strava’s online “Terms and Conditions,” they say that users own their data but also that they’ve given Strava all sorts of “worldwide, perpetual, irrevocable… and royalty-free” rights to exploit it. In other words, it’s tough to have your complete privacy and your Strava KOMs, too.

In the case of the personal trainer and her litigation, it’s not outlandish to consider that an insurance company could successfully access her captured data and somehow weaken her argument. Imagine finding yourself in a similar situation: you and your lawyer interpret your fitness data one way, and some opposing, big-bucks legal team interprets it differently.

What’s worse is that the very data in play may be highly inaccurate. Researchers at Iowa State University and the University of Pennsylvania both recently found that popular wearables, which feature accelerometer technology, frequently miscalculate energy expenditure and/or step counts—by as little as 1.5 and as much as 23.5 percent. GPS is more reliable. Leading navigation equipment manufacturer Garmin claims its products are accurate to within 50 feet. Still, anyone who’s potentially interested—like the lawyers and perhaps a judge and jury in the groundbreaking personal trainer case—will have to take fitness-tracker evidence with a grain of salt.

So there you have it. We’re entering a new era of big-data sausage making, courtesy of our fitness information. Make no mistake, organizations like Strava and MapMyFitness know full well what they have, and for now, they insist that they’re only using it for good.

“With the amount of data we have, there’s the potential for things to be over-targeted and creepy and weird,” says MapMyFitness’s Glode. “We try to steer way way way from that.”

But remember, a couple years ago people discovered that phone companies have long coughed up user data to the National Security Agency. And when an outfit called Nike was young and lean, it also insisted that its customers—you know, athletes—came first. But then Nike became beholden to its shareholders. “One of our strengths is that we don’t have to sell $1 billion worth of socks,” Horvath told me during our phone interview late last year.

“In the future we might have to do things to move the needle that we wouldn’t have done in 2015,” he added. “But right now? Everyone here has bought into the vision.”

That “everyone” includes me, as well as a lot of others who regularly—unthinkingly—send Strava, MapMyFitness, and several other companies some very potent information. I sure want to believe that there are still many happy Moments of Download to come.

Filed To: Wearable Tech

Subscribe to Outside

Outside Magazine Latest Issue

Save 66% and get All-Access: Print + iPad

Not Now

Need a Gear Fix?

Open email. Get latest gear. Repeat.

Thank you!