EFF warns that feds can snoop on your smartwatch data, and vendors won’t share where and when
s your smartwatch handing your private health data to the government? Vendors won’t say.

- Most smartwatch makers don’t disclose how often they share user data with law enforcement.
- Only Apple, Google (and Fitbit) currently publish transparency reports.
- End-to-end encryption is largely absent from the consumer health wearable market, though the Apple Watch offers this protection.
The digital rights group Electronic Frontier Foundation (EFF) warns that most smartwatch makers don't publish transparency reports detailing how often they share data with authorities and lack strong encryption options.
Already around 40% of people in the US own a wearable health device, such as a smartwatch, but they lack any special health data-related privacy protections, EFF said in a report.
Law enforcement and government investigations increasingly rely on wearable data, such as heart rate and step count, to determine individuals' whereabouts. Authorities can try to get this data through subpoenas or warrants.
“The surveillance company Penlink calls fitness trackers and wearables an ‘overlooked source’ for law enforcement since they tend to show movement patterns and changes in heart rates.”
EFF surveyed 10 major wearable makers and found that only two companies, Apple and Google (which also owns Fitbit), currently disclose how often they provide data to the government via transparency reports.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Other vendors in the study were Amazfit, Coros, Garmin, Hume, Oura, Polar, Suunto, and Whoop.
Oura has already updated its privacy policy, likely prompted by media pressure, and promised EFF it is “actively evaluating ways to provide greater visibility into how we handle these requests.”
Suunto also stated it is evaluating transparency practices and may publish additional information.
“We could not find instances where the other companies publicly state a policy around notification or transparency reports, and no others replied to our email questions,” the EFF report stated.
The watchdog assures that companies handling sensitive data owe users, when legally possible, disclosures if that data was requested.
Check if your data has been leaked
The lack of end-to-end encryption was another finding – only the Apple Watch protects data stored in its Health app. However, this encryption is defeated whenever the user chooses to share the data with third parties, such as Strava or other apps.
“Apple is the only one. No other popular consumer health wearable offers end-to-end encryption for the data it collects and stores online. Not Google. Not Garmin. Not Oura. Most of these companies instead offer encryption in transit and at rest, but this means those companies can still see and use your data. This is the industry standard, but it doesn’t have to be,” EFF warns.
EFF argues that the watch should be able to function without syncing data to the cloud, but some watches can't deliver data to the smartphone without cloud involvement.
Apple Watch was again the only wearable to offer the option to keep data phone-only, without iCloud sharing in Apple Health.
The watchdog calls on users not to be shy about asking for these sorts of features and urges companies to deliver “the bare minimum.”