Most Smart Watches, Rings, and Bands Lack Basic Transparency Reports and Key Privacy Features



Oura Rings, Garmin GPS fitness watches, Apple Watches, Whoop bands—every year, more and more tech devices are promising to monitor our health and fitness, guide us toward healthier living, and provide useful health metrics to take to our doctors. But few of these tools provide the sorts of privacy and security promises we demand from all technology, let alone tech that captures personal health data. It’s time they step up and start providing transparency reports and stronger encryption options.

Surveys suggest that around 40 percent of people in the United States own some sort of commercially available wearable health device. Despite being marketed as health devices, they have no special health-related privacy protections that one might hope for. The companies who make these devices can and do collect an abundance of data, and many of them share that data with third-parties for marketing or to influence insurance rates, or use it for their own purposes, like training artificial intelligence models.

Health data is increasingly an important part of law enforcement or government investigations. Wearable data has been critical in a number of cases, where information about heart rate and steps was used to determine the whereabouts of individuals. And the surveillance company Penlink calls fitness trackers and wearables an “overlooked source” for law enforcement since they tend to show movement patterns and changes in heart rates. Law enforcement can try to get access to this data through subpoenas or warrants. 

There are many potential privacy issues with these sorts of devices, including whether the companies who make them share or sell information to third-parties. But here we are choosing to focus on two facets we’re concerned with around health data itself: 1) whether the company shares information with law enforcement and governments and 2) if they offer end-to-end encryption, which means the company itself can’t access that health data to begin with.

Reading through dozens of product review sites we narrowed our research in on ten companies that seem to make the majority of recommended consumer health products on the market:

  • Amazfit
  • Apple
  • Coros
  • Garmin
  • Google (including Fitbit)
  • Hume
  • Oura
  • Polar
  • Suunto
  • Whoop 

We reviewed each company’s public facing policies, then emailed them to confirm those findings. Here’s what we found.

Transparency Reports Are Few and Far Between

Companies should provide transparency reports of how often they provide data to the government, including information about whether it’s an official demand or an unofficial request. We have been calling on tech companies to publish transparency reports for a long time, but the practice is still rare across the industry. That’s especially true with fitness gadgets. 

Only two of the companies we surveyed, Apple and Google (which also owns Fitbit), currently publish transparency reports. Apple, Google, and Whoop promise to notify users of law enforcement requests in publicly available documentation. 

Oura now does too, after an update to their privacy policy in June 2026 that was perhaps prompted by a series of requests from journalist Zack Whittaker. In that same update and in an email to us, Oura promises that it is “actively evaluating ways to provide greater visibility into how we handle these requests, like through a transparency report.” This is promising, and we hope the company agrees that transparency reports are the best option moving forward. 

Any company that handles data that’s of interest to law enforcement and governments owes it to their users to publish transparency reports and, when legally possible, notify users when that data is requested.

Similarly, Suunto does not currently publish transparency reports, but in an email reply to our questions the company did express an openness to potentially doing so, stating, “We continuously evaluate our transparency practices and may publish additional information, such as a transparency report, in the future if we believe it would provide meaningful value for users and support our data protection efforts.” We hope they do, as these sorts of reports are a useful metric for all of us to better understand if and when our data can potentially be accessed by law enforcement.

We could not find instances where the other companies publicly state a policy around notification or transparency reports, and no others replied to our email questions.

Any company that handles data that’s of interest to law enforcement and governments owes it to their users to publish transparency reports and, when legally possible, notify users when that data is requested. This is especially true of personal health data, which can reveal our movements, and be used to infer details about what we’re doing at any given moment.

End-to-End Encrypted Data Is Far Too Rare of a Feature

End-to-end encryption is a method to ensure that your personal data is only accessible by you, and not the company who makes the device and manages the cloud storage. End-to-end encryption is usually used to refer to message encryption in communication apps, like Signal or WhatsApp, but can also refer to data storage. For example, many password managers use end-to-end encryption, and Ring implemented it for its cameras after we pushed for it. There’s no reason it can’t be offered for wearables too.

In the case of health data from wearable devices, it’s a way to store data in the cloud so that information can be synced and backed up between your device and an app on your phone in a way where only your devices can access it. 

Support for end-to-end encryption is more rare than transparency reports. 

The Apple Watch, at least with data that’s stored in the Health app, is the only popular fitness wearable that supports end-to-end encryption, and it’s enabled by default for all users (you are required to have two-factor authentication enabled as well, but that is also on by default for most accounts).

However, Apple Watch owners should remember that this protection is only for data stored in the Apple Health app. If you use other apps on your watch, or choose to share data with third-parties, like Strava, or if you’re sharing data with other wearables, like an Oura ring, that data is likely not end-to-end encrypted by the third-party company. 

Support for end-to-end encryption is more rare than transparency reports. 

And that’s it. Apple is the only one. No other popular consumer health wearable offers end-to-end encryption for the data it collects and stores online. Not Google. Not Garmin. Not Oura. Most of these companies instead offer encryption in transit and at rest, but this means those companies can still see and use your data. This is the industry standard, but it doesn’t have to be.

Another option would be more robust local-storage options. Some devices we looked at, like a handful of Garmin and Polar watches, can operate on the watch itself without syncing data to the cloud, but some models are limited in capability and cannot sync to an app without storing data online. More robust options for limiting the data to just the wearable and the phone app it’s synced to would be a privacy improvement. For example, the Apple Watch has the option to disable iCloud sharing in Apple Health, which will keep the data only on your phone. It’s the only wearable we found that offers this feature without using a third-party app like Gadgetbridge or by physically connecting the wearable to a computer with a USB cable and transferring activity files over manually.

The general lack of local-only options or end-to-end encryption is a major privacy oversight, especially when you consider these devices collect heart rate, track sleep, and can log your location while also calculating a variety of health metrics supposedly intuiting everything from anxiety to your fitness “age.”

We understand that it’s technically more difficult to implement end-to-end encryption than other sorts of cloud storage, and comes with some limitations that may affect a user’s experience with a product. It also makes certain types of AI-related features harder to implement, since they’d typically need to work on-device (either in the app or the wearable device itself). Because of that, we believe an option for end-to-end encryption or local-only storage of the data collected by a wearable is the least companies can do. This way, those who want to use these devices can do so with the choice to either accept some privacy risks, or choose a more locked down option.

What’s Next

If you’re a user of a fitness wearable from any of the companies we’ve reached out to, or any other one, don’t be shy in asking for these sorts of features. In the rare cases a company offers a feature request page, use it—like for Garmin, Polar, Suunto, and Whoop. And when those types of outlets aren’t offered, don’t shy away from general contact pages, like those offered by Amazfit and Oura, or on community subreddits.

The companies that make these wearables, whether they’re designed for fitness or health, need to improve. At the bare minimum, companies need to publish transparency reports detailing how often they receive requests from law enforcement and commit to notifying users whenever that happens. 

It’s also well past the time for more companies to offer end-to-end encryption for the health data they’re storing. We acknowledge that this may be a trade-off for some features, like social networking features, but it should be up to users to decide if they’re willing to make those trade-offs. This level of privacy is an appealing feature that benefits users in myriad ways and more companies can set themselves apart by committing to this level of privacy.

Health data is some of the most personal data we produce, and most wearables companies are behind the times when it comes to basic privacy practices and transparency. Now’s the time to improve those practices.



Source link

  • Related Posts

    Sheetz is quitting VMware, migrating 11,000 virtual machines

    Automation and [SvHCI’s VMware] VM Import Utility were absolutely vital to scaling this migration. Operating in a 24/7/365 retail environment meant that minimizing business disruption was critical. It required meticulous…

    Intel Officials Predict the Pentagon’s Bill for the Iran War Will Exceed $100 Billion

    President Donald Trump restarted the Iran conflict with days of missile strikes, and US intelligence officials now estimate the total military cost of the war for the Pentagon could exceed…

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Methanex Corporation – Notice of Cash Dividend

    Afternoon front page: NGOs’ ‘hostile behaviour’ over Jews, Israel

    Denshattack review: one of 2026’s best games so far is a racing ruckus of railways, rebellion, and ramen

    Denshattack review: one of 2026’s best games so far is a racing ruckus of railways, rebellion, and ramen

    Democrats’ deepening Israel divisions: From the Politics Desk

    Democrats’ deepening Israel divisions: From the Politics Desk

    Argentina stun England in 2-1 comeback win to reach 2026 World Cup final | World Cup 2026 News

    Argentina stun England in 2-1 comeback win to reach 2026 World Cup final | World Cup 2026 News

    N.S. premier’s office says he was ‘swarmed by rioters,’ windshield smashed – Halifax

    N.S. premier’s office says he was ‘swarmed by rioters,’ windshield smashed – Halifax