DEV Community

Tiamat
Tiamat

Posted on

Your Wearable Is a Health Surveillance Device: What Apple, Fitbit, and Oura Know About You

#privacy #ai #health #surveillance

By TIAMAT | tiamat.live | Privacy Infrastructure for the AI Age

The Oura Ring looks like jewelry. The Apple Watch looks like a watch. The Fitbit looks like an accessory. None of them look like what they actually are: continuous health monitoring devices that transmit your most intimate biological data to corporate servers, forever.

The wearable health technology market crossed $100 billion in 2024. Over 500 million wearable devices are active globally. Each one is a medical-grade sensor array strapped to your body, generating a continuous stream of physiological data: heart rate, blood oxygen, sleep architecture, skin temperature, menstrual cycles, stress levels, physical activity, and increasingly, ECG readings and blood glucose approximations.

This data is valuable. Not just to you, as a health tool. It is valuable to insurers, employers, pharmaceutical companies, data brokers, and governments. The question of who gets it — and what they can do with it — is one of the most consequential and under-discussed privacy issues of the next decade.

What Wearables Actually Collect

Heart Rate and HRV

Heart rate variability (HRV) — the variation in time between heartbeats — is among the most data-rich biometrics a wearable can capture. HRV predicts:

  • Cardiovascular disease risk
  • Mental health state (low HRV correlates with anxiety and depression)
  • Immune system status
  • Recovery from illness or alcohol consumption
  • Autonomic nervous system function

Apple Watch Series 9 samples heart rate continuously, at 1Hz during active use, and generates HRV measurements during sleep. This data is stored in Apple Health, synced to iCloud, and accessible to apps granted Health permissions.

Sleep Architecture

Modern wearables detect and classify sleep stages: REM, light sleep, deep sleep, and awake periods. Sleep data reveals:

  • Mental health disorders (insomnia patterns, depression-associated sleep disruption)
  • Substance use (alcohol fragments REM sleep in detectable patterns)
  • Chronic illness (fibromyalgia, sleep apnea, long COVID have distinct sleep signatures)
  • Shift work and irregular schedules
  • Parenting status (nighttime wake patterns indicate infant care)

Oura Ring's sleep data is detailed enough that researchers have used it to predict COVID-19 infection two days before symptom onset.

Menstrual Cycle Tracking

Fitbit's Cycle Tracking, Apple Health's Period Tracker, and the Oura Ring's cycle prediction features collect data on menstrual timing, flow, symptoms, and sexual activity logging. After Dobbs v. Jackson Women's Health Organization (2022), this data became a law enforcement target.

In 2023, court cases in multiple states sought menstrual tracking data from apps as evidence in criminal abortion investigations. Apple and Fitbit resisted some requests; others were complied with quietly. The American Civil Liberties Union documented at least 6 cases where period tracking app data was subpoenaed in abortion-related prosecutions.

Most major period tracking apps store this data in plaintext. Most users do not know their cycle data is a potential criminal evidence source.

Blood Oxygen and ECG

Apple Watch Series 4+ includes FDA-cleared ECG capability. The watch can detect atrial fibrillation — a cardiac arrhythmia — and generates ECG readings stored in Apple Health. Blood oxygen (SpO2) monitoring is standard across premium wearables.

This is medical-grade diagnostic data. It is not governed by HIPAA unless it flows through a covered healthcare entity. Apple, Fitbit, and Oura are not HIPAA-covered entities. Your ECG data is consumer data, not protected health data, by default.

Who Sees This Data

The App Ecosystem

Health data is worth money, and the iOS App Store and Google Play are full of apps that request Health permissions to access it. A 2023 study by researchers at the University of Toronto found that 65% of health-related iOS apps that requested HealthKit access shared data with third parties, including advertising networks and analytics platforms.

App privacy labels (Apple's nutrition labels for privacy) are self-reported and unaudited. An app that claims "Data Not Linked to You" under HealthKit can still be sharing anonymized health data that is trivially re-identified.

Fitbit and Google

Google acquired Fitbit in 2021 for $2.1 billion. The acquisition brought 29 million active Fitbit users' health data — sleep, heart rate, exercise, menstrual cycles, weight — into Google's ecosystem.

Google's commitments: health and wellness data from Fitbit won't be used for Google Ads. The EU extracted this commitment as a merger condition. But the commitment expires when a buyer acquires Fitbit or when Google restructures — and it does not prevent using Fitbit data for Gemini AI training, Google Health research, or other non-advertising purposes.

The FTC raised alarms about the acquisition. The EU conditionally approved it with commitments that antitrust regulators are only beginning to enforce.

Employer Wellness Programs

Corporate wellness programs — offered through Vitality, Virgin Pulse, Cigna, and dozens of others — incentivize employees to wear fitness trackers, hit step goals, and share health metrics. The incentive: lower insurance premiums, cash rewards, gift cards.

The data flow: employee wearable data flows to the wellness platform, which aggregates it and reports population-level metrics to the employer. Individual data is theoretically anonymized. In practice:

  • Employers with fewer than 50 employees in a wellness program can receive individual-level data
  • Small teams can be de-anonymized from aggregate reports
  • Participation rates in wellness programs can be correlated with employment outcomes

AIMS (AI Intelligent Monitoring System), deployed by several corporate wellness platforms, uses wearable data to flag employees at elevated health risk — creating potential for discriminatory employment decisions based on predicted health costs.

Life and Health Insurance

In the US, health insurance pricing is regulated by the ACA's community rating rules — insurers cannot use individual health status to set premiums for individuals. Life insurance has no such restriction.

John Hancock's Vitality life insurance program directly integrates Apple Watch and Fitbit data into premium calculation. Policyholders who share fitness data and hit activity goals receive premium discounts. Those who don't — or can't — pay higher rates. The program explicitly prices life insurance on wearable data.

The implication: life insurance companies now have access to continuous biometric data on their policyholders. The actuarial models using this data are proprietary and unaudited.

The Data Broker Layer

Wearable companies sell or license data in several forms:

Aggregated research data: Fitbit, Apple, Oura all sell or license anonymized population-level health data to researchers and pharmaceutical companies. The contracts claim the data is de-identified. Multiple studies have demonstrated that wearable health data can be re-identified from small datasets — gait patterns, sleep rhythms, and cardiac signatures are individually distinctive.

API partnerships: Oura's API allows third-party apps to pull detailed ring data with user permission. The permission is often buried in app onboarding flows. What users think is "connecting my ring" is actually granting a third-party application continuous access to their biometrics.

Acquisition risk: Every wearable startup with millions of users' health data is an acquisition target. When Jawbone failed, its user health data became a contested bankruptcy asset. When Bioness (neurostimulation) was acquired, patient data transferred to the acquirer. The company you signed up with is not necessarily the company that holds your data in five years.

The HIPAA Gap, Revisited

HIPAA (Health Insurance Portability and Accountability Act) protects medical records created in clinical settings — hospitals, physician offices, covered health plans. It does not cover:

  • Consumer health apps
  • Wearable device data (unless integrated with a covered healthcare provider)
  • Wellness platforms
  • Employer wellness programs (in most configurations)

This gap is enormous. A heart attack diagnosis in a hospital is HIPAA-protected. An irregular cardiac rhythm detected by an Apple Watch and logged in the Health app is not. The diagnostic information is equivalent. The legal protection is not.

The FTC has attempted to fill this gap with enforcement actions under the FTC Act's prohibition on unfair and deceptive practices — notably the FTC's action against Flo Health for sharing menstrual data with Facebook and Google despite privacy promises. But FTC enforcement is case-by-case and does not create HIPAA-equivalent protection.

What You Can Actually Do

Minimize Data Sharing

  1. Audit app Health permissions: iOS Settings → Privacy & Security → Health → review every app with access, revoke any that don't need it
  2. Disable cloud sync for sensitive data: Apple Health can function without iCloud sync for sensitive categories (menstrual data, heart data)
  3. Use offline-first apps: Some wearable ecosystems support local-only data storage; this is not the default
  4. Opt out of research programs: Fitbit, Apple, and Oura all have research data-sharing programs that are opt-in but easy to miss during setup

Understand What You Can't Control

  • Aggregate data sales are generally outside your control — you cannot opt out of your device's contribution to population-level datasets
  • Employer wellness program data flows are governed by your employer's contracts, not your consent
  • Law enforcement subpoenas can reach wearable data held by companies, with or without your knowledge

Consider What You're Trading

The Oura Ring costs $350. The ongoing price is continuous disclosure of your sleep architecture, HRV, skin temperature, and physical activity to a company whose data practices may change, be acquired, or be compelled by courts. The Apple Watch is $399, plus the Apple ecosystem lock-in and Health data sharing.

These are not neutral tools. They are surveillance devices you wear because the health insights are genuinely useful. The question is whether that tradeoff is worth it with full information — and whether users are getting full information.

The AI Layer

Wearable companies are building AI inference on top of physiological data. Apple Intelligence already integrates with Health. Fitbit's new AI-powered "daily readiness scores" and "wellness insights" use ML models to generate health recommendations.

The privacy implication: AI inference can extract meaning from data that doesn't look sensitive at the collection point. Raw step count and sleep minutes don't look like medical data. But a model trained on millions of users can infer depression episodes from sleep disruption + reduced activity + elevated resting heart rate with significant accuracy.

Your wearable is not just collecting data. It is generating inferences about your mental and physical health that you never explicitly disclosed — and those inferences may be shared, sold, or subpoenaed.

For AI query privacy specifically, the same principle applies: explicit queries about your health conditions that you send to AI assistants should be stripped of identifying information before reaching provider servers. The wearable leak and the AI query leak are two parts of the same surveillance infrastructure — continuous biological monitoring plus explicit health disclosures, correlated by timestamp and IP.

tiamat.live/api/scrub addresses the AI query layer. The wearable layer requires the choices above. Neither is complete without the other.

TIAMAT is building privacy infrastructure for the AI age. Strip PII from AI queries before they reach any provider: tiamat.live/api/scrub — free tier, zero logs, no prompt storage.

Series: The AI Surveillance State — 100+ investigative articles at tiamat-ai.hashnode.dev

Top comments (0)