Table 1 Evaluation of privacy practices in leading wearable device companies across 24 privacy criteria

From: Privacy in consumer wearable technologies: a living systematic analysis of data policies across leading manufacturers

Companies in alphabetical order. Criteria in consecutive order as per the evaluation framework.

1 = Low risk; 2 = Some concerns; 3 = High risk. Each numbered criterion represents a specific privacy practice assessed across manufacturers:

  1. User Notification About Third-Party Requests: Whether users are informed of data requests by governments or private entities, and if exceptions (e.g., gag orders) are disclosed.
  2. Transparency Reporting: Availability of transparency reports detailing request counts, legal justifications, and affected users.
  3. Threat Notification: Breach reporting procedures, including prompt notification to authorities and affected users.
  4. Identity Policy: Whether users can register without presenting government-issued ID.
  5. Data Use: Data is used only for explicitly stated purposes.
  6. Data Collection: Clear disclosure of what data is collected, when, and whether third-party sources are involved.
  7. Minimal Data Collection: Collection limited to essential data; non-essential permissions can be declined without impairing functionality.
  8. Privacy by Default: Default settings prioritize privacy; targeted advertising is off by default.
  9. Data Benefits: Benefits of data collection are clearly disclosed and user-oriented.
  10. Purpose Limitation: Data is only collected and used for specified purposes.
  11. User Control Over Data Collection: Users can restrict data collection while retaining product functionality.
  12. Data Retention: Retention periods are disclosed; unnecessary data is deleted or anonymized.
  13. Data Control: Users can limit data collection via in-app or account settings.
  14. Control Over Targeted Advertising: Users can opt out of targeted ad tracking.
  15. Data Access: Users can access personal data in a structured, portable format.
  16. Data Deletion: Users can easily delete personal data; deletion policies are transparent.
  17. Data Sharing: Disclosures about what data is shared, with whom, and why.
  18. Authentication: Strong user authentication, including support for multi-factor methods.
  19. Encryption: Data is encrypted in transit and at rest, ideally using end-to-end protocols.
  20. Known Exploit Resistance: Evidence of protection against known vulnerabilities.
  21. Security Oversight: Internal access controls and third-party audits are in place.
  22. Security Over Time: Regular updates and communication about product security lifecycle.
  23. Vulnerability Disclosure Program: Public bug reporting or bounty system, with defined resolution timelines.
  24. Breach Notification: Clear, timely breach notification process for users and regulators.