How much is your privacy at risk from wearable devices?


Wearable devices have brought us numerous benefits in recent years, allowing us to understand our health and fitness level better and encouraging a more active lifestyle. But are they also putting our privacy at risk?
A new report from vpnMentor takes a look into what information wearable devices are collecting. It also investigates how that data is being used, shared and, in some cases, monetized.
The study finds that 90 percent of 117 wearable devices checked -- from 33 major brands, including Apple, Fitbit, Samsung and Huawei -- monitor health and wellness metrics, making this the most widely tracked data category. 63 percent of the devices analyzed also record location data either through built-in GPS or connected GPS via a smartphone.
Of the major wearable brands analyzed, 23 percent explicitly share or sell personal data to marketing partners or third-party advertisers, while 55 percent of these brands share de-identified biometric data with outside researchers.
While the number of steps you’ve taken or your heart rate may not be too useful for cybercriminals, misuse of the data could potentially lead to targeted advertising, phishing attacks, or even blackmail.
Location data is a bigger potential issue as it could prove to be extremely invasive and even put people’s safety at risk. For example, back in 2018, Strava -- a fitness app which shows the aggregated activity data of its users in a global heatmap -- unintentionally revealed the location of secret US army bases in Afghanistan and Syria.
While many wearable technology companies say they don’t sell your data, some still share your information (even if it is sometimes anonymized) with service providers, research groups, or advertisers. Of the 33 major wearable brands analyzed, seven companies explicitly share or sell personal data to marketing partners or third-party advertisers. These are Samsung, Huawei, Xiaomi, Amazfit, Meta Quest, Ray-Ban Meta, and Tile/Life360. On the other hand, Google explicitly declares it won’t use health data for advertising, and Apple shares data only with user permission.
Krista Reyes, cybersecurity researcher at vpnMentor, writes on the company’s blog:
Current regulations, like HIPAA, provide strong protections for health data in clinical settings. However, their protection should be extended to cover consumer wearables as well, thus ensuring the same privacy and security standards for all health data.
As for consumers, we suggest you choose brands that offer clear opt-out options, undergo regular privacy audits, and follow strict data minimization policies -- collecting only the data necessary for their services and limiting sharing with third parties.
By pushing for these measures, we can balance the benefits of wearable technology with stronger privacy protections, empowering users to maintain control over their personal health information in an increasingly connected world.
You can read more on the vpnMentor site.
Do you have a wearable device? Do you know what data it’s collecting? Let us know in the comments.
Image credit: Luke Chesser/Unsplash