The Hidden Cost of Smartwatches and Smart Rings: What You Give Up for Health Data

The Hidden Cost of Smartwatches and Smart Rings: What You Give Up for Health Data">

Our modern smartwatches and smart rings collect vast amounts of data on our fitness, sleep, fertility, and more, uploading it to apps. This widespread adoption raises new questions about data privacy, security, and rights -- who actually owns all that health data, you or the company collecting it? We've been hearing about the "quantified self" for nearly two decades as devices to track our steps have evolved to give us health data that used to require a trip to a clinic and cost thousands of dollars.

We explore how that health data actually impacts your life, whether you're walking into your next doctor's appointment or forgetting about the sensor sitting on your wrist. The more data we collect, the more risk we take on of having our information compromised in a breach, or potentially having companies sell that data to third parties for marketing, insurance profiling, or other purposes that you don't even know you're opting into. "People were cautious years ago when it came to more sensitive data types, but increasingly they're finding enormous value in being able to access and use that information," Jules Polonetsky, CEO of the Future of Privacy Forum, a nonprofit focused on consumer data protection, told ZDNET.

"The downside is they're not always taking the time to think through where, when, and how they ought to be taking any precautions." Over 20 states have now passed comprehensive data privacy laws, which generally give consumers the right to access, delete, and opt out of the sale of their personal information. However, they vary by state, and without federal regulation, what's left is a patchwork quilt of requirements. Meanwhile, more than 560 million people worldwide now own smartwatches -- including more than 1 in 4 Americans, according to Statista.

"Consumers are increasingly interested in downloading, accessing, and using their health data for fitness, or managing their family's health records, but really have to be sleuths to understand whether or not they are protected based on the state they're in," Polonetsky said. "The number one thing we need is a federal privacy law, which includes at least a minimum of health data protection outside of HIPAA." Contrary to popular belief, HIPAA (or the Health Insurance Portability and Accountability Act, passed in 1996) does not cover data collected by wearables, which are not considered covered entities, unlike healthcare providers. That means it often falls on you as the consumer to determine how to protect yourself and your data.

With the lack of federal regulation, "what governs the use and protection, collection and sharing of your personal data and health data in all of these instances is the terms of service and privacy policies," Caitlin Fennessy, vice president and chief knowledge officer of the nonprofit IAPP, told ZDNET. Those terms of service are designed to align with legal requirements and the company's own approach to processing the data. A 2025 analysis published in the peer-reviewed journal npj Digital Medicine evaluated the privacy policies of 17 leading wearables manufacturers, using a rubric of 24 criteria across transparency, data collection purposes, data minimization, user control and rights, third-party data sharing, data security, and breach notification.