Smartwatch privacy policies fall short on data transfer transparency, study finds

As wearable technologies like smartwatches become part of everyday life, they also bring complex questions about personal data privacy: especially when that data crosses international borders. With health-related features now standard in many devices, understanding how and where user data is transferred is increasingly vital.

In a recent publication, Dr Hui Yun Chan and Hui Jin Toh examined how smartwatch privacy policies disclose international data transfers. Their document analysis reveals significant gaps in transparency, consistency, and legal adequacy, raising concerns about user rights and regulatory compliance in cross-border data flows.

The study analysed privacy policies from a range of smartwatch providers to assess how clearly they communicate data transfer practices. The findings show that many policies are vague or incomplete, often omitting key information about recipient countries, legal safeguards, or data protection standards. This leaves users in the dark about where their sensitive personal data is going and what protections, if any, are in place.

Importantly, the study found that even when policies mention data transfers, they often rely on generic legal language or refer to outdated frameworks. Few provide meaningful detail on how companies ensure compliance with evolving international privacy regulations such as the EU’s GDPR or similar laws in other jurisdictions.

To address these issues, the authors propose a set of recommendations aimed at improving policy clarity and accountability. These include standardising privacy language, clearly specifying transfer mechanisms, and providing accessible summaries for users. They also call for stronger regulatory guidance to ensure privacy policies reflect both legal obligations and the real-world risks of international data transfers.

As smartwatches continue to expand their role in health monitoring and behavioural tracking, this research underscores the need for clearer, more user-focused communication about data practices. Transparent and comprehensive privacy policies are not just a legal formality: they are essential for building user trust in the digital health technologies of the future.