Before you buy a smartwatch or smart ring, consider what you're giving up

Apple / Oura / Elyse Betters Picaro / ZDNET

Follow ZDNET: Add america arsenic a preferred source on Google.

ZDNET's cardinal takeaways

• Wearable owners request to recognize however their information is being handled.
• The US lacks national regulations astir user wellness data.
• Consumers should decently negociate their information and research privateness policies.

Our modern smartwatches and smart rings spell acold beyond counting steps, perpetually collecting information connected our fitness, sleep, fertility, and truthful overmuch more, and uploading them to an app. (Remember the days erstwhile we were told not to stock immoderate accusation online? How quaint.) But this wide adoption raises caller questions astir information privacy, security, and your rights -- due to the fact that who really owns each of that wellness data, you oregon the institution collecting it?

The much information we collect, the much hazard we instrumentality connected of having our accusation compromised successful a breach, oregon perchance having companies merchantability that information to 3rd parties for marketing, security profiling, oregon different purposes that you don't adjacent cognize you're opting into.

"People were cautious years agone erstwhile it came to much delicate information types, but progressively they're uncovering tremendous worth successful being capable to entree and usage that information," Jules Polonetsky, CEO of the Future of Privacy Forum, a nonprofit focused connected user information protection, told ZDNET. "The downside is they're not ever taking the clip to deliberation done where, when, and however they ought to beryllium taking immoderate precautions."

Over 20 states person present passed broad data privateness laws, which mostly springiness consumers the close to access, delete, and opt retired of the merchantability of their idiosyncratic information. However, they alteration by state, and without national regulation, what's near is simply a patchwork quilt of requirements. 

Meanwhile, much than 560 cardinal radical worldwide present ain smartwatches -- including much than 1 successful 4 Americans, according to Statista. "Consumers are progressively funny successful downloading, accessing, and utilizing their wellness information for fitness, oregon managing their family's wellness records, but truly person to beryllium sleuths to recognize whether oregon not they are protected based connected the authorities they're in," Polonetsky said. "The fig 1 happening we request is simply a national privateness law, which includes astatine slightest a minimum of wellness information extortion extracurricular of HIPAA."

Also: How I utilized Airtable to swap my regular fast-food wont with 5-minute repast planning

Contrary to fashionable belief, HIPAA (or the Health Insurance Portability and Accountability Act, passed successful 1996) does not screen information collected by wearables, which are not considered covered entities, dissimilar healthcare providers.

That means it often falls connected you arsenic the user to find however to support yourself and your data.

Who tin you trust?

With the deficiency of national regulation, "what governs the usage and protection, postulation and sharing of your idiosyncratic information and wellness information successful each of these instances is the presumption of work and privateness policies," Caitlin Fennessy, vice president and main cognition serviceman of the nonprofit IAPP, told ZDNET. Those presumption of work are designed to align with ineligible requirements and the company's ain attack to processing the data. 

A 2025 analysis published successful the peer-reviewed diary npj Digital Medicine evaluated the privateness policies of 17 starring wearables manufacturers, utilizing a rubric of 24 criteria crossed transparency, information postulation purposes, information minimization, idiosyncratic power and rights, third-party information sharing, information security, and breach notification. 

Also: Wearables nutrient immense amounts of wellness information - and doctors are struggling to support up

Based connected that rubric, Google, Apple, and Polar had the lowest hazard scores (as in, they had the strongest privateness protections for consumers), and Xiaomi, Wyze, and Huawei had the highest hazard scores. 

"Our findings item inconsistencies successful information governance crossed the manufacture and underscore the request for stronger, sector-specific privateness standards," the insubstantial noted.

People who attraction astir privateness volition often determine which wearable to bargain based connected however overmuch they spot the shaper generally, alternatively than by examining a privateness policy, Fennessey said. For example, if you're successful the Apple ecosystem and person been blessed with however they've handled your data, you're astir apt much apt to take an Apple Watch implicit different brand. Some of that comes down to however these companies marketplace their privateness offerings.

Seeking transparency

The companies astir focused connected privateness and information volition typically supply clear, well-publicized accusation connected however information is handled, specified arsenic whether it remains connected the instrumentality versus successful the cloud, whether it is end-to-end encrypted, and whether it is shared with 3rd parties. 

"Often organizations that are trying to physique their marque and estimation astir privateness for these wearables volition person those high-level points of accusation retired determination rather transparently and publicly, truthful determination is simply a furniture of speedy diligence you tin bash erstwhile you are looking astatine these wearables that does not necessitate you to work the legalese of presumption of work and privateness policies," Fennessey said.

Also: The biggest risks lurking wrong your at-home DNA and wellness tests

On the different hand, if you don't spot this accusation retired determination transparently, past these astir apt aren't features they are prioritizing, she added -- truthful proceed with caution.

Another cardinal consideration: How is this institution really making money? 

"If you're paying a bully chunk of wealth for a ticker oregon a ringing and a paid service, they've got a important inducement to support you happy," Polonetsky said. "If it's free, you truly privation to look intimately and recognize wherever and however someone's giving you a escaped service. If they're not a charitable endeavor oregon a HIPAA-covered aesculapian provider, determination monetization is happening, and it's astir apt your data." 

In different words, if it's a escaped work oregon a precise inexpensive device, your information is astir apt the product. That mightiness mean it's being sold to 3rd parties oregon advertisers who you wouldn't needfully privation to cognize the ins and outs of your health.

Steps to support yourself

Besides paying attraction to manufacturers' privateness promises and reputations, determination are a fewer applicable steps you tin instrumentality to support the information collected connected your smartwatch oregon astute ring: 

• Read the privateness policy (or astatine the precise slightest inquire a chatbot for a summary, oregon hunt for the connection "data" to find specifics astir wherever your accusation is going). Look for those transparent, public-facing messages astir privateness and information information from companies erstwhile buying for a wearable.
• If you person a smartwatch oregon astute ringing you aren't utilizing anymore, delete your data from it. You don't privation information sitting determination unused successful the lawsuit that the institution is breached down the line.
• Check what devices your telephone and wearables are connected to. Both Apple and Google volition amusement you what services you're connected to, and you should audit that each erstwhile successful a while. For example, sometimes a portion of workout instrumentality astatine your gym tin link to your smartwatch. You mightiness usage the feature, and past hide astir it. But your ticker could inactive beryllium sharing accusation with that treadmill. 
• If you're using an AI chatbot to analyse your wellness information collected by wearables and you don't privation it to bid connected your data, marque definite you've checked your settings and toggled disconnected the enactment to usage your information for training, oregon that you're utilizing a impermanent chat. (It's besides champion signifier not to upload immoderate documents with personally identifiable accusation -- marque definite you redact oregon anonymize everything first.)

"Telling radical 'don't stock delicate information,' which was beauteous bully proposal a fig of years ago, is nary longer tenable," Polonetsky said. "People are uncovering unthinkable worth successful being capable to analyse their wellness records. It's present astir knowing who you're sharing with, and whether oregon not you're utilizing a work that is successful the concern of monetizing your data."