Of ten wearable makers reviewed by the EFF, only Apple and Google publish transparency reports on government data requests, and only Apple Watch encrypts biometric data end-to-end.
The Electronic Frontier Foundation published on 15 July 2026 an analysis of ten manufacturers of health wearable devices, examining each company’s public policies and contacting them by email. The finding: most publish no transparency report on government requests for access to user data, and almost none offer end-to-end encryption for biometric data.
The devices reviewed include products from Apple, Google (which owns Fitbit), Oura, Garmin, Whoop, Amazfit, Coros, Hume, Polar and Suunto. According to the EFF, surveys indicate that roughly 40% of the US population owns at least one commercial health wearable. These devices collect data on heart rate, movement, sleep and other physiological parameters, yet they fall outside the protections that apply to health data in the strict legal sense.
Only Apple and Google publish transparency reports. Apple, Google and Whoop explicitly commit, in their public documentation, to notifying users of law-enforcement requests where legally permitted. Oura updated its privacy policy in June 2026, promising to «actively explore ways to offer greater visibility into how we handle these requests, including through a transparency report». Suunto responded by email stating openness to publishing one in future, without binding commitments. The remaining companies did not respond to the EFF’s questions and have no public policy on the matter.
On end-to-end encryption, the picture is even more limited. According to the EFF, only the Apple Watch – for data stored in the Health app – supports end-to-end encryption enabled by default, with two-factor authentication required. The other devices reviewed offer no equivalent protection. Manufacturers of the other wearables can access biometric data stored on their servers and respond to warrants or subpoenas by handing that data to authorities.
The EFF notes that wearable data has already been used in criminal investigations: heart-rate and step-count information has helped establish the location of individuals in several proceedings. The surveillance company Penlink describes fitness trackers as an «overlooked» data source for law enforcement, useful for reconstructing movement patterns and physiological changes. Authorities can request access to this data via subpoena or warrant.
A wrist that measures a heartbeat is also a wrist that, in the absence of encryption, can be subpoenaed by a court. If wearable makers present themselves as guardians of user health, one question stays open: guardians towards whom – and in whose favour when a government request arrives?





