The Privacy Risks of Your Fitness Tracker


There is an old saying that tells us what gets measured gets done. This has proven especially true in the area of personal fitness. The arrival of personal fitness trackers has enabled us to track our fitness activities in ways we could not have dreamed of doing before. This has helped boost the market for fitness trackers to over $20 billion per year. Unfortunately, these devices may be tracking a lot more than your fitness activities and may even pose a serious risk to your privacy.

The Most Private Information in Your Life

Health information is among the most private information imaginable. Some information we may hesitate to share even with our doctors and may never share with close family members. Yet we allow our wearable fitness trackers to capture this information. The time you wake up in the morning, how far you walk, your weight, your blood pressure: these are all indicators of your overall health. This is the basic, vital information collected at the doctor’s office to begin diagnosing your health.

Fitness trackers help us improve our health by making us more aware of these critical indicators. It is important to be aware of what information they collect and store, however. Making informed choices about your privacy is your right and deserves serious consideration. This is especially true when it comes to private information about your health.

Can Your Fitness Information Be Hacked?

Most fitness trackers connect with your phone via Bluetooth. Unfortunately, recent studies have shown previously unrecognized security holes that can allow hackers to gain access to your information. Even without hacking your device, someone can “sniff” the Bluetooth signal sent back to your smartphone to guess your PIN. Once a hacker has your PIN, it is simple to gain access to all your health information.

You might wonder who would want to go to the trouble of hacking your fitness tracker. We must remember that information is valuable. Companies such as Google and Facebook earn billions of dollars by compiling and selling user information. While you may not think there is a market for your data, if hackers are finding ways to crack your system, it’s a good bet there will be a market for the information somewhere.

What If the Fitness Tracking Company Is Hacked?

There is also concern that the information stored on the servers of the tracking company could be hacked. After all, if hacking one fitness tracker could yield valuable information, hacking the information of thousands of users is even more valuable. Hackers may sell the information or attempt to ransom it back to the fitness tracking company. Once the information is outside the company’s control, what happens next is anyone’s guess.

If the information is released publicly, your health insurance provider could legally use the information to adjust your health premiums. If you are more sedentary than what you report to your doctor, an insurance company could increase your premiums based on the released information. While no breach of health data has yet occurred, many large companies with strong security have been hacked. Data scientists say it is not a matter of if a company will be hacked, but rather when. What matters most is how these companies will respond.

What Happens When Your Fitness Company Is Sold?

Many makers of fitness trackers recognize that your privacy is important. Fitbit, for example, spells out clearly in their privacy policy how they will use your information. Reading the privacy policy for your fitness tracker can give you a sense of comfort knowing that the company values your privacy and takes steps to protect it.

If you dig a bit further, however, you may find some information of concern. Fitbit, for example, does explain that they collect your information and strip it of personal identifiers to sell to third parties. Your health information is so valuable to advertisers and researchers that they will gladly pay for access to anonymous information.

However, what happens if the maker of your fitness tracker sells to another company? Will the new company have the same data policies? Will they attempt to exploit the data by selling information about your health to advertisers, insurance companies, or others? When a company is sold, one of the most valuable assets it possesses is customer data. The sale of your data could become a key point in a future business deal.

Any fitness tracker’s privacy policy will include a warning that your information may be released if the company is compelled to do so by law. In fact, this is already starting to reshape personal injury claims. In 2016, a woman claimed to have been raped in her home after midnight. On investigation the police noticed she had a fitness tracker and gained access to her information. It turned out the fitness tracker contradicted her story and so overturned her case.

It is a good thing when justice prevails, but what if your data is misused or misinterpreted? Fitness trackers often mistake activities such as driving or folding laundry for walking. What if an insurance company subpoenaed your private information from your tracker as part of a worker’s compensation claim? If the tracker showed you walking thousands of steps on a day you were merely driving to doctor’s appointments, you are likely to feel outraged and violated. Even if the device confirmed your story, having your private information released to antagonistic attorneys would likely feel like an invasion of privacy.

Maintain Your Privacy

While none of these reasons may compel you to ditch your fitness tracker, they should cause you to stop and think. As technology continues to advance at a rapid pace, privacy is often an afterthought. It is not until your privacy is violated that you are likely to consider its true value.

Before purchasing a fitness tracker, take some time to read the company’s privacy policy. Assure yourself that the company that makes your tracker values your privacy and takes reasonable steps to protect it. Research any data breaches in the company and whether they have taken steps to prevent intrusion in the future. Think about when and where you might want to wear your fitness tracker. Crowded areas provide more opportunities to skim data and a richer environment for thieves and hackers.

Even if your information is compromised, for it to have worth to others, it must be linked to you personally. By combining the information with a profile of your activities and interests online, your data becomes truly valuable. Protect your anonymity by using a VPN service on all your devices. A quality VPN makes sure your privacy is protected by rerouting your data through their server after encrypting it. Because the data does not go directly to you, your privacy is protected. For more information about how a VPN can protect your privacy and provide many other benefits, see our post about choosing the right VPN for your needs.

Tech journalist
Tove has been working for VPNoverview since 2017 as a journalist covering cybersecurity and privacy developments. Since 2019 she has been its cybersecurity news coordinator.