NVIDIA社とのフィジカルAIの接続基盤となる6G及びAI RAN関連技術等に関する協力意向表明書の署名
令和7年度地方財政審議会(1月16日)議事要旨
令和7年度地方財政審議会(3月3日)議事要旨
陸上無線通信委員会報告(案)に対する意見募集
利用者情報に関するワーキンググループ(第40回)
情報通信行政・郵政行政審議会 電気通信事業部会(第171回)
地方公共団体情報システムの標準化に関する法律第二条第一項に規定する標準化対象事務 を定める政令に規定するデジタル庁令・総務省令で定める事務を定める命令第六条各号に規定する事務の処理に係るシステムに必要とされる機能等に関する標準化基準を定める省令の一部を改正する省令(案)等に対する意見募集
恩給給与細則等の一部を改正する省令(案)に関する意見募集
令和8年7月16日付 総務省人事
Most Smart Watches, Rings, and Bands Lack Basic Transparency Reports and Key Privacy Features
Oura Rings, Garmin GPS fitness watches, Apple Watches, Whoop bands—every year, more and more tech devices are promising to monitor our health and fitness, guide us toward healthier living, and provide useful health metrics to take to our doctors. But few of these tools provide the sorts of privacy and security promises we demand from all technology, let alone tech that captures personal health data. It’s time they step up and start providing transparency reports and stronger encryption options.
Surveys suggest that around 40 percent of people in the United States own some sort of commercially available wearable health device. Despite being marketed as health devices, they have no special health-related privacy protections that one might hope for. The companies who make these devices can and do collect an abundance of data, and many of them share that data with third-parties for marketing or to influence insurance rates, or use it for their own purposes, like training artificial intelligence models.
Health data is increasingly an important part of law enforcement or government investigations. Wearable data has been critical in a number of cases, where information about heart rate and steps was used to determine the whereabouts of individuals. And the surveillance company Penlink calls fitness trackers and wearables an “overlooked source” for law enforcement since they tend to show movement patterns and changes in heart rates. Law enforcement can try to get access to this data through subpoenas or warrants.
There are many potential privacy issues with these sorts of devices, including whether the companies who make them share or sell information to third-parties. But here we are choosing to focus on two facets we’re concerned with around health data itself: 1) whether the company shares information with law enforcement and governments and 2) if they offer end-to-end encryption, which means the company itself can’t access that health data to begin with.
Reading through dozens of product review sites we narrowed our research in on ten companies that seem to make the majority of recommended consumer health products on the market:
- Amazfit
- Apple
- Coros
- Garmin
- Google (including Fitbit)
- Hume
- Oura
- Polar
- Suunto
- Whoop
We reviewed each company’s public facing policies, then emailed them to confirm those findings. Here’s what we found.
Transparency Reports Are Few and Far BetweenCompanies should provide transparency reports of how often they provide data to the government, including information about whether it’s an official demand or an unofficial request. We have been calling on tech companies to publish transparency reports for a long time, but the practice is still rare across the industry. That’s especially true with fitness gadgets.
Only two of the companies we surveyed, Apple and Google (which also owns Fitbit), currently publish transparency reports. Apple, Google, and Whoop promise to notify users of law enforcement requests in publicly available documentation.
Oura now does too, after an update to their privacy policy in June 2026 that was perhaps prompted by a series of requests from journalist Zack Whittaker. In that same update and in an email to us, Oura promises that it is “actively evaluating ways to provide greater visibility into how we handle these requests, like through a transparency report.” This is promising, and we hope the company agrees that transparency reports are the best option moving forward.
Any company that handles data that’s of interest to law enforcement and governments owes it to their users to publish transparency reports and, when legally possible, notify users when that data is requested.
Similarly, Suunto does not currently publish transparency reports, but in an email reply to our questions the company did express an openness to potentially doing so, stating, “We continuously evaluate our transparency practices and may publish additional information, such as a transparency report, in the future if we believe it would provide meaningful value for users and support our data protection efforts.” We hope they do, as these sorts of reports are a useful metric for all of us to better understand if and when our data can potentially be accessed by law enforcement.
We could not find instances where the other companies publicly state a policy around notification or transparency reports, and no others replied to our email questions.
Any company that handles data that’s of interest to law enforcement and governments owes it to their users to publish transparency reports and, when legally possible, notify users when that data is requested. This is especially true of personal health data, which can reveal our movements, and be used to infer details about what we’re doing at any given moment.
End-to-End Encrypted Data Is Far Too Rare of a FeatureEnd-to-end encryption is a method to ensure that your personal data is only accessible by you, and not the company who makes the device and manages the cloud storage. End-to-end encryption is usually used to refer to message encryption in communication apps, like Signal or WhatsApp, but can also refer to data storage. For example, many password managers use end-to-end encryption, and Ring implemented it for its cameras after we pushed for it. There’s no reason it can’t be offered for wearables too.
In the case of health data from wearable devices, it’s a way to store data in the cloud so that information can be synced and backed up between your device and an app on your phone in a way where only your devices can access it.
Support for end-to-end encryption is more rare than transparency reports.
The Apple Watch, at least with data that’s stored in the Health app, is the only popular fitness wearable that supports end-to-end encryption, and it’s enabled by default for all users (you are required to have two-factor authentication enabled as well, but that is also on by default for most accounts).
However, Apple Watch owners should remember that this protection is only for data stored in the Apple Health app. If you use other apps on your watch, or choose to share data with third-parties, like Strava, or if you’re sharing data with other wearables, like an Oura ring, that data is likely not end-to-end encrypted by the third-party company.
Support for end-to-end encryption is more rare than transparency reports.
And that’s it. Apple is the only one. No other popular consumer health wearable offers end-to-end encryption for the data it collects and stores online. Not Google. Not Garmin. Not Oura. Most of these companies instead offer encryption in transit and at rest, but this means those companies can still see and use your data. This is the industry standard, but it doesn’t have to be.
Another option would be more robust local-storage options. Some devices we looked at, like a handful of Garmin and Polar watches, can operate on the watch itself without syncing data to the cloud, but some models are limited in capability and cannot sync to an app without storing data online. More robust options for limiting the data to just the wearable and the phone app it's synced to would be a privacy improvement. For example, the Apple Watch has the option to disable iCloud sharing in Apple Health, which will keep the data only on your phone. It’s the only wearable we found that offers this feature without using a third-party app like Gadgetbridge or by physically connecting the wearable to a computer with a USB cable and transferring activity files over manually.
The general lack of local-only options or end-to-end encryption is a major privacy oversight, especially when you consider these devices collect heart rate, track sleep, and can log your location while also calculating a variety of health metrics supposedly intuiting everything from anxiety to your fitness “age.”
We understand that it’s technically more difficult to implement end-to-end encryption than other sorts of cloud storage, and comes with some limitations that may affect a user’s experience with a product. It also makes certain types of AI-related features harder to implement, since they’d typically need to work on-device (either in the app or the wearable device itself). Because of that, we believe an option for end-to-end encryption or local-only storage of the data collected by a wearable is the least companies can do. This way, those who want to use these devices can do so with the choice to either accept some privacy risks, or choose a more locked down option.
What’s NextIf you’re a user of a fitness wearable from any of the companies we’ve reached out to, or any other one, don’t be shy in asking for these sorts of features. In the rare cases a company offers a feature request page, use it—like for Garmin, Polar, Suunto, and Whoop. And when those types of outlets aren’t offered, don’t shy away from general contact pages, like those offered by Amazfit and Oura, or on community subreddits.
The companies that make these wearables, whether they’re designed for fitness or health, need to improve. At the bare minimum, companies need to publish transparency reports detailing how often they receive requests from law enforcement and commit to notifying users whenever that happens.
It’s also well past the time for more companies to offer end-to-end encryption for the health data they’re storing. We acknowledge that this may be a trade-off for some features, like social networking features, but it should be up to users to decide if they’re willing to make those trade-offs. This level of privacy is an appealing feature that benefits users in myriad ways and more companies can set themselves apart by committing to this level of privacy.
Health data is some of the most personal data we produce, and most wearables companies are behind the times when it comes to basic privacy practices and transparency. Now’s the time to improve those practices.
702 is Currently Expired. Tell Congress not to Reauthorize it Without Substantial Reforms.
There are no excuses for any Member of Congress to support a clean reauthorization of Section 702. Anyone who votes to do so does not take your privacy seriously. Full stop. Section 702 is currently expired but we cannot tolerate any reauthorization that does not include substantial reforms.
Section 702 of the Foreign Intelligence Surveillance Act (FISA) is among the United States’ most infamous mass surveillance programs. Sold to the public as a foreign surveillance tool, it has become a backdoor for law enforcement to search through Americans’ private communications without ever obtaining a warrant. We need to act now to prevent Congress from reauthorizing 702 in a way that ignores the truth: This authority needs to change.
House Speaker Mike Johnson has attempted several times to push re-authorization bills that give us non-substantive reforms. We will not fall for fig leafs or shifts in rhetoric. Our demands are common sense: no renewal without real reforms. A simple extension is a betrayal of every US resident who expects their government to respect their rights and the Constitution.
Your representative needs to hear from you right now, before the 45 date extension ends and Congress will need to vote again. Contact them today.
Tell them: No vote on any bills that would reauthorize Section 702 without meaningful reform.
🚫 Don't Let Congress Age-Gate the Internet | EFFector 38.13
The effort to age gate the internet is back in Washington—and now it has a new name. Recently passed by the House of Representatives, the KIDS Act is a sprawling package of proposals to control what we can see and say online. Supporters claim the KIDS Act is needed to protect minors online. But if lawmakers really want to make the internet safer, why are they encouraging more surveillance instead of protecting our privacy? We dive into this question with our EFFector newsletter.
For over 35 years, EFFector has been your guide to understanding the intersection of technology, civil liberties, and the law. This issue covers a victory for location privacy in the Supreme Court, disturbing developments in the militarization of domestic drones, and a controversial Congressional bill to control what we can see and say online.
Prefer to listen in? EFFector is now available on all major podcast platforms. This time, we're chatting with EFF Senior Policy Analyst Joe Mullin on what would happen to the open internet if the KIDS Act becomes law. You can find the episode and subscribe on your podcast platform of choice:
%3Ciframe%20height%3D%22200px%22%20width%3D%22100%25%22%20frameborder%3D%22no%22%20scrolling%3D%22no%22%20seamless%3D%22%22%20src%3D%22https%3A%2F%2Fplayer.simplecast.com%2F4e65dc91-33af-4dd4-ae88-1c8626b39537%3Fdark%3Dfalse%22%20allow%3D%22autoplay%22%3E%3C%2Fiframe%3E
Privacy info.
This embed will serve content from simplecast.com
Want to protect your right to online anonymity and access to the open web? Sign up for EFF's EFFector newsletter for updates, ways to take action, and new merch drops. You can also fuel the fight for privacy and free speech online when you support EFF today!