UnderArmour data breach should raise questions about extent of data collection

This latest breach (as reported in the Washington Post story below)is more evidence that consumers need to have a choice NOT to automatically share their sensitive personal information with the vendors of wearable devices. While at least in this case the company told people about it, we really must wonder if companies like Under Armour need to be accumulating such vast stores of sensitive personal data in the first place.

Looking at the terms of service, it is clear that consumers must agree to all of the company’s policies if they want to use the service:

“Your access and use of the Services (regardless of whether you create an account with us), constitutes your agreement to these Terms and our Privacy Policy, which is incorporated into the Terms. Stated alternatively, if you disagree with any part of the Terms, then you are not permitted to use our Services. Further, by accessing and using our Services, you understand and agree that your Personal Data (as that term is defined in our Privacy Policy) and User-Generated Content (defined below) that is shared with a Service may also be shared among the entirety of Under Armour and its other Services.”
(Source: https://account.underarmour.com/terms-and-conditions)

This type of clause (which is fairly typical) deprives consumers of any meaningful ability to give informed and knowing consent to the collection, use and storage of their personal information.

Usernames, and email addresses tied to 150 million user accounts were accessed by hackers, the company said.