Before you buy a smartwatch, check its privacy

Smartwatches and smart rings don’t just track steps. They collect data on fitness, sleep, and fertility—then upload it to apps. With no federal rules specifically covering consumer health data, what you consent to in terms of service and privacy policies can d

For years, wearables were sold with a promise that sounded harmless: count your steps, keep you motivated, improve your health. But smartwatches and smart rings have outgrown that story. They now collect fitness, sleep, fertility, and much more—then upload it to an app. And once that data leaves your device, the question shifts from comfort and convenience to control.

The unease isn’t abstract. The US has no federal law covering consumer health data, which leaves a patchwork of state laws, and when those laws don’t apply, private terms of service and privacy policies become the rules of the road. The concern is not only a potential breach. It’s what can happen to the information afterward, including scenarios where companies sell consumer health data to third parties for marketing, insurance profiling, or other purposes a person may not realize they agreed to.

“People were cautious years ago when it came to more sensitive data types, but increasingly they’re finding enormous value in being able to access and use that information,” Jules Polonetsky, CEO of the Future of Privacy Forum, told this newsroom. “The downside is they’re not always taking the time to think through where, when, and how they ought to be taking any precautions.”

More than 20 states have passed comprehensive data privacy laws that generally give consumers the right to access, delete, and opt out of the sale of their personal information. But those laws vary by state. Without federal regulation, the result is a set of rules that can differ dramatically depending on where you live.

It’s also happening at massive scale. More than 560 million people worldwide now own smartwatches, and more than 1 in 4 Americans do, according to Statista. And as that audience grows, so does demand for what wearables can do with health data: accessing it, downloading it, managing family health records, and using it for fitness. Polonetsky said consumers often have to become “sleuths” to figure out whether they’re protected based on their state.

“The number one thing we need is a federal privacy law, which includes at least a minimum of health data protection outside of HIPAA,” Polonetsky said.

That distinction matters because HIPAA, the Health Insurance Portability and Accountability Act passed in 1996, generally does not cover data collected by consumer wearables. HIPAA applies to covered entities such as healthcare providers and health plans (and to their business associates); a wearable manufacturer selling directly to consumers is usually neither. As a result, the consumer is often left to decide how to protect their data.

So where does accountability land? For many devices, what governs the collection, sharing, and protection of personal and health data is the terms of service and privacy policies. Caitlin Fennessy, vice president and chief knowledge officer of the nonprofit IAPP, told this newsroom that these documents are meant to align with legal requirements and the company’s own approach to processing the data.

Fennessy’s point becomes sharper when you look at the industry’s uneven standards. A 2025 analysis published in the peer-reviewed journal npj Digital Medicine evaluated the privacy policies of 17 leading wearables manufacturers using a rubric of 24 criteria across areas including transparency, data collection purposes, data minimization, user control and rights, third-party data sharing, data security, and breach notification.

In that evaluation, Google, Apple, and Polar had the lowest risk scores, meaning they had the strongest privacy protections for consumers. Xiaomi, Wyze, and Huawei had the highest risk scores. The paper’s conclusion centered on inconsistencies in data governance across the industry and a need for stronger, sector-specific privacy standards.

For consumers, though, the mismatch isn’t just about a score. Many people choose a wearable based on how much they trust a manufacturer, rather than reading and comparing privacy policies line by line. Fennessy said that if you’re already in the Apple ecosystem and have been happy with how the company handled your data, you’re more likely to choose an Apple Watch over another brand. She linked some of that to how privacy promises are marketed.

When companies focus on privacy and security, they typically make the details more visible. Fennessy said those companies may clearly explain whether data stays on the device or moves to the cloud, whether it’s end-to-end encrypted, and whether it’s shared with third parties. She added that these higher-level points are often public and easy to check, so shopping doesn’t require readers to wade through terms and privacy policy legalese.

But if that information isn’t easy to find, Fennessy said it’s a warning sign that privacy and security features may not be prioritized.

And there’s another question buyers often skip: how the company is making money. Polonetsky said the business model can shape incentives.

“If you’re paying a good chunk of money for a watch or a ring and a paid service, they’ve got a significant incentive to keep you happy,” Polonetsky said. “If it’s free, you really want to look closely and understand where and how someone’s giving you a free service. If they’re not a charitable enterprise or a HIPAA-covered medical provider, somewhere monetization is happening, and it’s probably your data.”

In plain terms, Polonetsky said, a free service, or a very cheap device, often means your data is the product. That can include selling data to third parties or advertisers you may not want knowing the details of your health.

Once you’ve bought a wearable, protecting yourself is less about one grand decision and more about small habits built around access and hygiene. Polonetsky and Fennessy pointed to several steps.

Start with the privacy policy. At minimum, search it for the word “data” to find specifics about where information goes and who it is shared with, or ask a chatbot for a summary.

Then look for public, transparent statements around privacy and data security when you’re shopping.

If you aren’t using a smartwatch or smart ring anymore, delete your data from the device and from the companion account. Leaving an unused account and its history in place means that data could still be exposed if the company is breached later.

Audit connections too. Check which devices and apps your phone and wearables are connected to. Apple and Google both provide settings that show which apps and services have access to your health data, and Polonetsky said you should review that list periodically. A gym’s exercise equipment can connect to a smartwatch. You may use the feature once and forget about it, but the watch could still be sharing information with the treadmill.

And if you’re using an AI chatbot to analyze your health data collected by wearables, check whether the chatbot is set to train on your data. Toggle off the option to use your data for training, or use a temporary chat. It’s also best practice not to upload documents with personally identifiable information—redact or anonymize everything first.

Polonetsky summed up the shift in expectations bluntly: “Telling people ‘don’t share sensitive information,’ which was pretty good advice a number of years ago, is no longer tenable. People are finding incredible value in being able to analyze their health records. It’s now about understanding who you’re sharing with, and whether or not you’re using a service that is in the business of monetizing your data.”

In the end, the wearable market keeps expanding—and the devices keep collecting more. The question for buyers is no longer whether smart tech can help you track your life. It’s whether you’ve secured a clear understanding of what happens to that life once the data is out of your hands.

4 Comments

  1. I don’t even think most people read the privacy policy. Like you click yes and forget it. But fertility data?? That sounds way worse than step counts.

  2. Wait, are they saying states have different rules so it depends where you live? That’s confusing. Also I saw something once that insurance can’t use that kind of data, so maybe it’s not a big deal? unless I’m mixing things up.

  3. Not gonna lie I thought wearables just track workouts, like a Fitbit. Didn’t realize they could end up selling your health stuff for marketing or “profiling” or whatever. I guess check the terms, but who has time for that, it’s like 40 pages. Also, if it’s not federal, then companies can do whatever they want right? Seems messed up.
