How do Juul and tobacco companies collect your personal data?
February 25, 2020
By: communication@cnct.fr
Last updated: August 6, 2024
Reading time: 7 minutes
On July 29[1], Juul quietly released a new device, already available in the UK. Juul, billed as the "tobacco replacement start-up" and known for its tiny nicotine vapes, its fruity flavors that appeal to young people and its sky-high valuation, is apparently moving into the data sector. The company, which received an investment of 12.8 billion[2] dollars from cigarette giant Altria in December, is creating a new Bluetooth-enabled device and a corresponding mobile app (only available on Android at this time). Juul says these offerings are part of its overall mission to help smokers switch to the product. But the company is also reportedly launching a program that would allow third parties to access Juul's customer data, including sensitive details like usage habits[3].
The new device records data on when and where it is used and the number of puffs a user takes, tracking your consumption habits. It also has connectivity features, such as a locator to find your vape if lost and a device lock to prevent anyone other than you from using your device. The C1 app uses facial recognition and two-step background verification to verify the user's age, in order, they say, to prevent teenagers from using the device. Juul users will have to submit a selfie and a photo of a government-issued ID to be able to use the app. They can set the device so that the e-cigarette is only usable when the smartphone owner has unlocked the device. It also has an auto-lock feature that prevents the e-cigarette from working when it is out of range of the smartphone. Recent reports suggest that Juul is also considering implementing geofences that would prevent its product from being used in certain areas, including in and around schools.
"Like any technology, an app can be used for good or for evil – or rather for a bit of both," says Margaret Foster Riley, a health law expert at the University of Virginia. "I wouldn't be surprised if they sell data to third parties - that's where the money is."[4]
Privacy experts have expressed concern about the data collection required for the new device. The main risk is that this data, namely the telephone number, date of birth, facial recognition and national identification number, will be disclosed; it is possible to identify the person from this data. This could be health-related information, an extremely sensitive area under the General Data Protection Regulation (GDPR)[5]. While Juul's privacy policy may be revised after the launch of its new Bluetooth device and apps, the company already reserves the right to share your personal data (such as your location, payment information, and email addresses) with third parties. A mobile app, however, could significantly expand the type of data Juul collects and the amount of data it shares.
Nicolas Terry, executive director of the Hall Center for Law and Health at Indiana University, said that such data could be of interest to several different entities, such as employers and health insurers. This can be a big problem, especially in the United States, where some employers have banned smoking on and off the job, because a healthier employee base saves the company money on health insurance. Recently, some companies have incorporated e-cigarettes into their smoking bans[6].
An idea that is not new...
Philip Morris International Inc.'s new heated tobacco device, called iQOS, which the company still claims is less likely to cause disease than traditional cigarettes, has another, less obvious advantage over conventional cigarettes: the ability to collect personal data about users' smoking habits.
The tobacco giant is already building a database of iQOS customers who register with the company. It has also developed software: for every device purchased, the user is required to log in online and create an account to link the device to the application, which from time to time sends push notifications reminding you that your device is about to run out of battery! The initiative, if regulators allow it, could extract information about a user's smoking habits and use it for marketing purposes, said a former project manager of the company who tested the software in Japan. This data would include the number of puffs and average consumption per day, said Shiro Masaoka, who worked at Philip Morris in Japan from 2012 to 2016[7].
Some IQOS users do not trust this application (also only available on Android ...) because PMI is suspected of using the application, via Bluetooth, as a means to monitor user data. This follows an investigation conducted by TechInsights in 2018 which revealed that all IQOS devices contain microcontroller chips capable of storing user data. If the device's chips are actively monitoring users, it is without their consent, meaning PMI could have violated data privacy laws.
©Generation Without Tobacco
[1] https://www.wired.co.uk/article/juul-c1-e-cigarette-youth-vaping
[2] https://edition.cnn.com/2018/12/19/business/altria-juul/index.html#targetText=Fresh%20off%20a%20%241.8%20billion,maker%20Juul%2C%20worth%20%2412.8%20billion.
[3] https://www.dailymail.co.uk/sciencetech/article-6021125/Juul-reveals-plans-smart-Bluetooth-e-cigs-use-biometric-data-prove-smokers-age.html
[4] https://onezero.medium.com/juuls-upcoming-smart-device-could-pose-a-major-privacy-risk-f4151f6c2dd2
[5] The GDPR is a European Union regulation that is the reference text for the protection of personal data. It strengthens and unifies data protection for individuals within the European Union. The main objectives of the GDPR are to increase both the protection of individuals concerned by the processing of their personal data and the accountability of those involved in this processing. These principles can be applied thanks to the increase in the power of regulatory authorities.
[6] https://www.healthmarkets.com/content/smoking-and-health-insurance#targetText=The%20ACA%20allows%20for%20insurance,vary%20from%20state%20to%20state.
[7] https://af.reuters.com/article/commoditiesNews/idAFL3N1SM2BN
© National Committee Against Smoking