Key Takeaways from ZDNET
- People using wearable tech should know what happens to their personal data.
- The United States doesn’t have nationwide rules governing the handling of consumer health information.
- It’s important for users to manage their own data and review company privacy policies carefully.
Today’s smartwatches and smart rings do much more than track daily steps — they continuously gather detailed insights on physical activity, sleep patterns, reproductive health, and other metrics, then sync that information to companion apps. (We used to be advised never to share anything personal online; that caution now seems outdated.) But as wearables become more common, serious concerns about data privacy, security, and individual rights have emerged — especially around whether you, or the company collecting it, truly control your sensitive health information.
The more personal data we generate, the greater the chance it could be exposed during a data breach, or quietly sold to outside parties for targeted advertising, insurance assessments, or other uses we never explicitly agreed to.
“Years ago, people approached sensitive data types with hesitation, but now they recognize the significant benefits it offers for personal insights,” explained Jules Polonetsky, CEO of the Future of Privacy Forum, a nonprofit organization dedicated to data protection. “The problem isn’t always awareness — it’s whether people pause to consider the right precautions beforehand.”
More than 20 U.S. states have introduced broad data privacy laws that typically allow residents to view, remove, or block the sale of their personal details. Still, these regulations differ significantly across states, creating an inconsistent landscape in the absence of federal oversight.
At the same time, global smartwatch ownership has surpassed 560 million — with over 25% of American adults owning one, according to Statista. “People are eager to download, analyze, and apply their health stats for wellness goals and family care, yet many aren’t sure if their state laws offer real protection,” Polonetsky noted. “Our top priority should be passing a federal privacy law that establishes baseline safeguards for health data — protections that go beyond HIPAA’s narrow scope.”
Contrary to common assumptions, HIPAA (the Health Insurance Portability and Accountability Act of 1996) doesn’t apply to information gathered by wearable devices, since manufacturers aren’t classified as “covered entities” under the law — unlike hospitals or medical providers.
This gap means you, as the end user, bear much of the responsibility for safeguarding your own data.
Which Companies Deserve Your Trust?
In the absence of federal rules, “the main guidance for how companies collect, protect, and share your health data lies in their terms of service and privacy policies,” said Caitlin Fennessy, VP and chief knowledge officer at IAPP, a leading privacy advocacy nonprofit. These documents outline both legal compliance and internal practices for handling user information.
A 2025 study published in *npj Digital Medicine* reviewed privacy policies from 17 major wearable brands against a checklist of 24 factors — including transparency, data usage clarity, minimal data collection principles, user rights, third-party sharing practices, security protocols, and breach notification procedures.
Under this evaluation, Google, Apple, and Polar scored lowest risk (meaning strongest consumer protections), while Xiaomi, Wyze, and Huawei received the highest risk ratings.
The researchers emphasized that “our results reveal stark differences in how brands manage data governance, highlighting the urgent need for industry-specific privacy standards.”
For consumers focused on privacy, purchasing decisions often hinge on brand trust rather than deep dives into fine-print policies. As Fennessy explains: “If you’ve relied on Apple’s ecosystem and feel confident in their approach to data, you’ll likely lean toward an Apple Watch.” “A lot of this comes down to how companies advertise their commitment to privacy.”
Clarity and Transparency Matter
Businesses genuinely invested in user privacy typically make details easy to find — such as whether your data stays on-device or gets uploaded to the cloud, if it’s fully end-to-end encrypted, and if it’s shared with advertisers or partners.
“Companies building their reputation around privacy will proactively highlight these points publicly — so even without reading legal jargon, consumers can perform basic research when comparing devices,” Fennessy added.
On the flip side, if locating clear statements about data handling feels difficult, it’s a red flag that privacy isn’t a priority — proceed carefully.
Another crucial factor: how exactly does this company make its money?
“If you’re paying a premium price for a wearable plus a subscription, the company has strong incentives to keep you satisfied,” Polonetsky pointed out. “But if the product is free or extremely low-cost, ask yourself — what’s fueling the business model? Unless it’s a nonprofit or HIPAA-regulated entity, chances are monetization depends on your data.”
In simpler terms: if you’re not paying for the product, your health information likely *is* the product — meaning it may be traded to marketers or data brokers who gain access to intimate aspects of your health without your knowledge.
Practical Tips to Better Protect Yourself
Beyond relying on manufacturer assurances and brand reputations, here are actionable steps you can take to better secure your smartwatch or smart ring data:
- Review privacy policies—or ask an AI assistant to summarize them, or just search for mentions of “data” to spot key points. Look for plainly stated commitments regarding data storage and security when choosing a wearable.
- Purge old data from unused devices. Leaving sensitive records on abandoned gadgets increases vulnerability in case the company suffers a breach later.
- Monitor device connections on your phone. Both Apple and Google let you see which devices or apps are linked — audit this list regularly. For instance, gym equipment might auto-pair with your watch and continue sharing data long after you stop using it.
- Be cautious with AI health tools. If you’re feeding wearable data into an AI chatbot for analysis, ensure it won’t use your inputs to train its model — disable that option in settings or use ephemeral chat modes. Also, always redact identifying details before uploading documents.
“The old advice—‘don’t share sensitive info’—doesn’t hold up anymore,” Polonetsky reflected. “People now reap enormous value from analyzing their own health records. The real shift is learning *who* you’re sharing with—and whether that service exists primarily to profit off your data.”



