Garmin

When your *Privacy Not Included researcher wanted to get a fitness tracking smartwatch to see how stressed out reading privacy policies made her, Garmin is what she went with. Because Garmin seems to do one of the best jobs handling the privacy and security of all the personal data fitness trackers collect, at least according to their really not that stressful privacy policy.

Here’s what this privacy researcher likes about Garmin. Yes, they do collect a good bit of personal information through the device and on the Garmin Connect app because that’s what a fitness tracking smartwatch does. They collect data like email address, device information, location, and all that body related data like physical activity, stress, sleep patterns, heat rate, pulse ox, and more. The good thing is, yes, they collect it, but they also seem to protect it.

Your “sharing with others” user settings in the Garmin Connect app are set to “private” by default. Which is great. You can choose to share your data with contacts if you wish, but you have to change your privacy settings to do that. Good work Garmin. Garmin also doesn’t share your personal information for advertising purposes with third parties. They ask you to opt-in rather than opt-out of consent to receive marketing communications from them. And their privacy policy is actually pretty good at laying out what data they collect, clearly explaining why they collect it, and how it is used. That’s all worth another, good work Garmin!

Garmin also seems to do a pretty good job securing the personal information they collect. However, they did suffer that very public ransomware attack in 2020. Ransomware attacks suck and it seems no company is safe from them these days. Good news though, no user data was actually compromised in that attack, so, once more, good work Garmin.

Garmin isn’t 100% perfect though. We do ding them because they don’t make it clear in their privacy policy that all users -- regardless of where they live and the privacy laws they live under -- have the same right to access and delete their data. Garmin told us they don’t deny any user those requests. However, it seems based on the way their privacy policy is worded, they could. Garmin told us they would revisit the wording in their privacy policy on this issue. Here’s hoping they make an update to clarify that soon.

Is your intrepid privacy researcher happy with her decision to get a Garmin fitness tracker? Yes, she is. Although it does make her a little nervous that she now leaves her phone's Bluetooth on all the time. But hey, knowing that body battery score is really cool! What’s the worst that could happen with your fun Garmin fitness tracking smartwatch? Well, hopefully nothing, but do beware if you link your data to other third party apps like Strava and MyFitnessPal. Those apps come with their own privacy policies and every time you share your personal information with someone else you increase the vulnerability of that personal information.

Update, August 2022 following the overturn of Roe vs Wade protection reproductive health rights in the United States.

Garmin's wearables and the app they use, Garmin Connect, can be used for period and pregnancy tracking. Still, even though Garmin does collect a lot of very personal information, they do a pretty good job with privacy and security. However, if you share your Garmin Connect app data with another third-party such as MyFitnessPal or Strava, all that very personal data you share is not under the privacy policies of those third-parties, which might not be as good as Garmin's policies. So be very careful who you share your Garmin data with. Better yet, don't share it with anyone. And remember to password protect and lock down your phone so people can't access your period or pregnancy data there either.

When it comes to sharing data with law enforcement, Garmin's privacy policy says, "We may process and disclose personal data about you to others: … to comply with legal obligations, such as a valid subpoena, court or judicial order, or other valid legal process." Which isn't as strong and clear a statement of sharing data with law enforcement as we like to see. We much prefer when companies state they won't give up user data to law enforcement unless required to under subpoena, and even then, we like to see them commit to only giving up the bare minimum necessary.

Does this privacy researcher still use her Garmin fitness tracker? Yes. Does this privacy researcher use it to track her period? Yes. Is she worried that personal information could leak or be shared in a way she doesn't want. Also, yes. But not worried enough to stop using the device, because Garmin does do a pretty good job with privacy and security. And this privacy researcher understands nothing is perfect and we all have to determine our own risks versus reward. Now, if this privacy researcher lived in a state where abortion had recently been made illegal, she'd probably have a different take on matters. This is the sort of evaluation we all have to do right now, as nothing is 100% safe.