Main Menu


Try searching for

Identity theft

Social security protection

Credit monitoring

Reputation management

Blog > Internet Privacy > Can Fitness Trackers Pose a Privacy Risk?
 April 30, 2021

Can Fitness Trackers Pose a Privacy Risk?

A young man and woman jogging together along a city path.

What would Dick Tracy think of the devices we wear on our wrists today? Perhaps his circa 1940s two-way wrist radio inspired today’s smartwatches, but this vintage comic book hero never gave privacy concerns a thought. Today, that’s a valid—even vital—concern. There is data that can leak out of some fitness trackers.

You can choose between a slew of devices that strap on your wrist and track your health, but is your data secure? They monitor sleep patterns, heart rates, menstrual cycles, and locations. There are even those that will take an ECG out in the wilderness to measure heart activity. A whole lot of personal data lives inside those tiny trackers.

Progress made

The landscape has changed significantly since 2009 when the first devices hit the market. Privacy was an afterthought and the majority of available devices had no privacy policy. None.

Changes started by 2014 when Congress got involved. Leading manufacturers agreed not to sell or share user data unless required by law or when customers opt-in to sharing. But not all makers of fitness tracker makers were on board.

What could go wrong?

The Health Insurance Portability and Accountability Act or HIPAA protects the privacy of protected health information (PHI). The U.S. Department of Health and Human Services stated recently that HIPAA does not cover most health monitoring tools.

Translated, this means there’s little protection for PHI on fitness trackers except what the manufacturer’s privacy policy spells out. If you entered data on drug use, for example, it could be sold if you select the wrong health device maker.

Privacy shopping

Since these devices stash data on locations, steps, GPS, and other personal info, you need to understand your mechanism’s privacy framework.

You may not be able to read the privacy policy in a store. Do some homework online before you buy.

How much privacy is enough?

Privacy documents can be daunting but are worth the read. You can search for words like “share,” “aggregate” or “sell” to cut directly to the core details.

Keeping up with the rules is a constant process, not a one-time effort. Remember, this is a fluid concept; buried in privacy texts, a reference generally indicates your data gets wrapped into any future acquisition, so you’ll need to check again if the maker is sold.

Shield yourself

Once you select a device, take steps to add optional protections or reduce the risks of exposing your PHI.

  • Decide the degree of risk you’re willing to accept. As noted above, apps sometimes disregard best practices, so anticipate mistakes.
  • Pay attention to how it connects to your other devices. Bluetooth is the preferred method since it only connects when a transfer of data is needed unlike Wi-Fi.
  • Keep the app up to date. Updates often include privacy or security enhancements as well as bug fixes.
  • Explore the settings to determine how much data you can lockdown. Check the default settings which all too frequently make everything public and change them to better secure your data.

Alert the FTC if you discover privacy holes in your new purchases. Complaints can be filed at

IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage, and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.


Related Post

Woman holding a laptop with a blue shield and lock illustrating digital risk protection from IDShield.

Online Privacy Has Never Been Easier

We can help protect your personal information by helping you keep your sensitive, private data more secure. Now, we can do that even better! Data brokers collect your valuable personal information when you use the internet, make online purchases, accept website...

Illustration of numberous olda and new social media icons such as myspace, Google Plus, LinkedIn, etc.

Don’t Forget About Those Old Accounts and Profiles

Myspace, Flickr, Hi5, Foursquare, Google Plus…. Remember those? During your time online it’s highly likely that you’ve left a few old accounts and profiles online. These can pose risks to both your reputation and your online security. Here’s how IDShield can help you....