
Our modern lives are increasingly intertwined with technology, and nowhere is this more apparent than with health wearables. Devices like smartwatches and smart rings have evolved far beyond simple step counters, now continuously collecting a wealth of personal information. From our fitness levels and sleep patterns to fertility cycles and heart rate, this data is constantly uploaded to accompanying apps, creating a detailed digital portrait of our well-being.
Yet, this widespread adoption of health-tracking technology brings critical questions to the forefront. As these devices gather intimate details about our lives, fundamental concerns about data privacy, security, and personal rights arise. The central dilemma is clear: who truly owns all this health data – you, or the companies that collect it?
The more personal data we amass, the greater the inherent risks become. There’s the ever-present danger of our information being compromised in a data breach, and the unsettling possibility of companies selling this sensitive data to third parties. Such transactions could be for targeted marketing, insurance profiling, or other uses we may not even realize we’ve tacitly approved.
“People were cautious years ago when it came to more sensitive data types, but increasingly they’re finding enormous value in being able to access and use that information,” explains Jules Polonetsky, CEO of the Future of Privacy Forum. He adds that “the downside is they’re not always taking the time to think through where, when, and how they ought to be taking any precautions.” This sentiment highlights the delicate balance between convenience and vigilance in our digital health journey.
The Regulatory Patchwork: Why HIPAA Isn’t Enough
While over 20 states have now enacted comprehensive data privacy laws, granting consumers rights like access, deletion, and the ability to opt out of data sales, these regulations vary significantly. This creates a fragmented, “patchwork quilt” of requirements across the nation, leaving consumers to navigate a complex legal landscape without a unified federal standard.
A common misconception is that the Health Insurance Portability and Accountability Act (HIPAA) protects data gathered by wearables. It generally does not. HIPAA, passed in 1996, regulates “covered entities” such as healthcare providers, health plans, and clearinghouses, along with the business associates that process data on their behalf. A consumer wearable maker is normally none of these, so the readings a smartwatch or smart ring uploads to its own cloud fall outside HIPAA’s protective umbrella. The same data becomes protected only once it reaches a covered entity, for example when you share it with your doctor and it is added to your medical record.
With no federal privacy law specifically addressing health data from wearables, the responsibility often falls squarely on the consumer. Caitlin Fennessy, Vice President and Chief Knowledge Officer of the International Association of Privacy Professionals, notes that “what governs the use and protection, collection and sharing of your personal data and health data in all of these instances is the terms of service and privacy policies.” These documents, drafted by manufacturers, dictate how your most personal information is handled.
With more than 560 million people worldwide now owning smartwatches, including over a quarter of Americans, the need for clear protection is paramount. Consumers are keen to leverage their health data for fitness and family health management, but as Polonetsky points out, they “really have to be sleuths to understand whether or not they are protected based on the state they’re in.” He advocates strongly for a federal privacy law that includes minimum health data protection beyond the scope of HIPAA.
Choosing Your Wearable Wisely: Trust and Transparency
When selecting a wearable, many consumers base their decision on their general trust in the manufacturer rather than meticulously poring over privacy policies. For instance, if you’re deeply integrated into the Apple ecosystem and have been satisfied with their data handling, you’re more likely to choose an Apple Watch. This brand loyalty often stems from how companies market their commitment to privacy and security.
A 2025 analysis in the peer-reviewed journal npj Digital Medicine evaluated the privacy policies of 17 leading wearable manufacturers. This study used 24 criteria, assessing transparency, data collection, minimization, user control, third-party sharing, security, and breach notification. The results showed a clear distinction in consumer data protection across the industry.
The analysis found that Google, Apple, and Polar had the lowest risk scores, indicating the strongest privacy protections for consumers. Conversely, Xiaomi, Wyze, and Huawei registered the highest risk scores. These findings underscore significant inconsistencies in data governance and highlight the urgent need for stronger, sector-specific privacy standards within the wearables industry.
Companies genuinely committed to privacy and security typically provide clear, easily accessible information on their data practices. They will state plainly whether data stays on the device or is uploaded to the cloud, whether cloud copies are end-to-end encrypted (meaning the vendor itself cannot read them) or merely encrypted at rest on the vendor’s servers, and whether the data is shared with third parties. If such high-level information is not readily available, it suggests that privacy might not be a top priority for that manufacturer, and caution is advised.
Another crucial factor is understanding a company’s business model. “If you’re paying a good chunk of money for a watch or a ring and a paid service, they’ve got a significant incentive to keep you happy,” Polonetsky observes. However, if a service is free or the device is very inexpensive, he warns, “you really want to look closely and understand where and how someone’s giving you a free service.” In these cases, if the company isn’t a charitable enterprise or a HIPAA-covered provider, your data is likely the product being monetized.
Taking Control: Practical Steps for Your Data Privacy
Given the current regulatory landscape, being proactive about your wearable data privacy is essential. Beyond scrutinizing manufacturers’ privacy promises and reputations, several practical steps can help safeguard your information:
- Review Privacy Policies: Take the time to read the terms of service and privacy policies, paying special attention to sections on data sharing, retention, and deletion.
- Adjust App Permissions: Configure the privacy settings within your wearable’s companion app. Limit permissions such as location, contacts, and notification access to only what’s necessary for the device to function.
- Enable Strong Security: Use strong, unique passwords for wearable accounts and enable two-factor authentication whenever possible. An authenticator app or hardware security key is preferable to SMS codes, which can be intercepted through SIM-swap attacks.
- Understand Data Monetization: Be wary of “free” services. If you’re not paying for the product, your data is likely the currency being exchanged.
- Exercise Your Rights: If your state has data privacy laws, know your rights to access, correct, or delete your personal data.
The old advice of “don’t share sensitive information” is no longer practical, as people find immense value in analyzing their health records. The modern imperative, as Polonetsky concludes, is to “understand who you’re sharing with, and whether or not you’re using a service that is in the business of monetizing your data.” By being informed and proactive, you can harness the benefits of wearables while maintaining control over your valuable personal health information.
Source: ZDNet – AI