Smartwatches collect a lot of personal and private data. There are implications for your privacy.
Let’s not kid ourselves. Anything that has an internet connection could potentially send your data to nefarious actors.
Your smartphone has become one of the biggest providers of data. For good and for bad. I am glad Facebook Marketplace is so effective when I’m a seller, but I am also quite annoyed when I see a very specific brand of milk’s ads… that I just bought.
Increasingly, the smartwatch is becoming a treasure trove of personal data and personal information that your smartphone doesn’t track. Think of your fitness data, your sleep patterns, your health information, height, weight and location data. There are many more layers of personal information that wearable tech has on you.
Mozilla Foundation has come up with a study called *Privacy Not Included, which reviews privacy policies and ranks them in terms of “creepiness.”
What the device privacy guide is about
*Privacy Not Included advocates for minimum security standards that all products sold in stores should have.
They name a few areas which help fulfill these standards: encryption, automatic security updates, requiring strong passwords, having a system to manage vulnerabilities, and having an accessible privacy policy.
*Privacy Not Included analyzes what kind of faculties the device has (camera, microphone, location data, biometric data, etc.) and then lays out what could happen to your private data if something goes wrong.
There’s also a Creep-O-Meter that is a way to poll what readers think about the creepiness of a device.
Each smartwatch is assigned a creepiness score that you can access via the HTML source (in an attribute named data-creepiness).
The worst smartwatch is the Amazon Halo at 87.5 creep points. The best smartwatch is the Garmin Vivo at 42 creep points.
Smartwatch Privacy List
Garmin sport smartwatches (Creep rating: 42 points/not creepy)
We’ve reviewed just one Garmin smartwatch, the Garmin Fenix 6, which is not in the *Privacy Not Included ratings.
However, if we look at their privacy ratings for the Garmin Vivo, Garmin Venu and Garmin Forerunner, we can draw a few conclusions. All of them are top-tier privacy rights upholders.
What could go wrong with your private information with Garmin smartwatches?
Mozilla says that Garmin does “one of the best jobs handling the privacy and security of all the personal data.”
Here’s why:
Garmin doesn’t share or sell your data for marketing purposes. This is great because high-end Garmin smartwatches have Garmin Pay, which means that they can share your purchases. Although… your credit card company might be sharing that information too.
Garmin anonymizes the data they receive, which means that you can’t be personally identified. Although Mozilla admits that depending on the quality of anonymization, bad people could decipher and relink the data.
In my experience, my Garmin Fenix 6 is the smartwatch with the least “leak potential” among the smartwatches that I own.
This is because the Garmin Fenix 6 is most able to operate independently of the Garmin Connect smartphone app.
Most essential services can be analyzed through the watch, with the Garmin Connect smartphone app just providing an extra layer of convenience.
The Garmin Fenix 6, along with many Garmin smartwatches, does not have a microphone or camera, so you won’t have to worry about having a device that’s actively capturing everything you say.
Caveat emptor: Garmin vivofit jr 2
The Garmin vivofit jr 2 is a kids’ smartwatch that fared significantly worse than the average adult Garmin smartwatch, coming in at 60 creep points.
It came down to Mozilla’s belief that children should not be exposed to so much data gathering and they also say, “there is a good question to be raised about teaching young children that this level of digital surveillance in their lives is OK.”
Apple Watch Series 6 (A little creepy/47 points)
The Apple Watch Series 6 has many features that bring its ability in line with smartphones, except for the camera.
Siri could be passively listening for you to say “Hey Siri,” which means that it’s listening every single second for that magic key phrase. It also tracks a lot of other data like location, consumer health information and other data points.
What could go wrong with data collected in the Apple Watch?
Mozilla says that Apple has a good track record of keeping data safe. It did mention that Apple contractors were found to be regularly listening in on confidential personal conversations when reviewing Siri’s recordings. Apple rectified this by making sure users weren’t automatically opted-in to the snooping.
Mozilla says that if things go wrong, you’d “better hope your insurance company never gets access to all that info cause that could get weird (and costly).”
Thank God I live in Canada.
Fossil Gen 5 (Somewhat creepy/50 points)
The Fossil Gen 5’s rating is pretty logical.
It runs the Wear OS. Google’s Wear OS. The only other thing that can be equally worrisome is if there were a Facebook smartwatch.
Google wants to know more about you. Not in the same way friendly hostelmates want to know you for friendship. No, Google wants to know you so they can sell better converting ads to you.
The Fossil Gen 5 is a great smartwatch that doesn’t have much bloatware, so this will provide a good basis to judge the Wear OS as it relates to data leakiness.
It runs Google Pay, so that could be an avenue of information egress. It also runs Google Fit, which has many choices for workouts… and honestly, I can’t tell the difference between most of them in terms of the data offered, leading me to think that Google wants to know what sports you’re into so they can advertise shiny new equipment to you.
The guide says Fossil does “not use data relating to your health for marketing purposes, which is good. Fossil does not sell personal information, which is also good. Aggregated and de-identified data may be shared with third parties.”
It points out that one of Fossil Group’s websites has been compromised in the past, leading to a data breach.
However, Mozilla doesn’t speak to the Wear OS element. If we take it that Fossil’s privacy policy doesn’t apply to Google’s use, then the information isn’t very useful. Google’s Wear OS does require you to login with a Google account, so I am going to bet they’re associating what you do on your smartwatch to your account.
Fitbit fitness tracker and smartwatches (Very creepy/58-62 points)
Mozilla commended Fitbit’s commitment to privacy and security.
They did mention Google’s takeover of Fitbit.
Honestly, feature-wise, Google’s takeover has been GREAT. I can’t stand Amazon’s Alexa. But Google Assistant is plain amazing.
However, it does raise the question whether or not this empowers Google to start collecting data about your child. Google could potentially know the age of your child and other details collected in the Fitbit.
Fitbit Ace 2
We don’t normally write about fitness trackers, but since we reviewed the Fitbit Ace 2, we should just follow up.
Mozilla says that they take extra privacy considerations for children including more limited data collection.
However, just like Garmin’s kids watches, Mozilla argues against exposing your child to so much data collection and they ask whether it should be OK to normalize data collection at such a young age.
Fitbit Versa 3 and Fitbit Sense
The two smartwatches are very similar and score similar creep scores.
Mozilla argues that because the flagship Fitbit smartwatches collect so many data points like location, sleep, heart rate, activity data etc., all of these data could be exposed one day.
Samsung Galaxy Active 2 and Galaxy Watch 3 (Very creepy/64, 65 points)
The main problem here is that Samsung “collects and potentially sells your personal health data to consumer data resellers.”
And they do collect a lot of it. They collect sleep data, there’s a running trainer, stress tracker, sleep tracker, etc. Here’s the doom and gloom scenario they paint:
“That means it’s possible you could have crazy insomnia and sleep terribly for a couple months, Samsung could know that and share that data with someone who will target you with ads for sleeping pills everywhere you go. You try the sleeping pills out, get addicted, and end up needing rehab. OK, this is probably not likely, but also not impossible in our digital ad economy.”
Thank God I live in Canada and have no access to the stress feature or blood oxygen saturation (SpO2) measurement. That’s less data tracked (in a very expensive device)!
These smartwatches are certified “Privacy Not Included”
Here we go with the “super creepy” category of smartwatches that Mozilla would not recommend.
Amazon Halo
So, Amazon makes a smartwatch and it’s waaaaaaaaaay creepier than anything else on Mozilla’s list.
The Amazon Halo has no display but captures the regular lot of health and activity data. Its microphones listen in to measure the tone, energy and positivity of your voice.
Mozilla also says that the Amazon Halo asks you to take pictures of yourself in underwear to track body fat.
To be fair, Mozilla also mentions that “Amazon says that they do not use Amazon Halo health data for marketing, product recommendations, or advertising. Amazon does not sell Amazon Halo health data.”
However, Amazon has had data breaches in November 2018 and then a rogue employee also leaked customer email addresses in October 2020.
Huawei Smart Watch ES
Mozilla does not recommend Huawei’s products because they have vague and outdated privacy policies and a lack of support, and because they share information with parties with “legitimate interest.”