AINEWS
Why a factory reset doesn't delete your smartwatch or smart ring data
A consumer tech analysis argues the real privacy risk isn't the device on your wrist, it's the health profile stored, shared, and resold after you stop wearing it.
A consumer tech analysis argues the real privacy risk isn't the device on your wrist, it's the health profile stored, shared, and resold after you stop wearing it.
The health data on a smartwatch or smart ring does not die with the device. It moves. That is the through-line of a June 14, 2026 ZDNET analysis by managing editor Alison DeNisco Rayome, and it is the part of the consumer checklist most buyers skip.
Rayome's piece lays out the conventional advice: read the privacy policy, manage your data, understand what is being collected. It also names the gap that advice cannot close. Modern wearables continuously collect fitness, sleep, fertility, and biometric signals and upload them to a companion app, where the data sits in a profile that outlives the strap on your wrist. The question is not what your watch knows. It is who else can buy what your watch uploaded.
The US regulatory backdrop makes that question hard to answer in the consumer's favor. HIPAA, the federal health privacy law, was built around clinicians, insurers, and clearinghouses, not personal devices, so most consumer wearables fall outside its scope. The FTC's Health Breach Notification Rule has been the closest federal lever for non-HIPAA health data, and a patchwork of state laws, including Washington's My Health My Data Act, fills part of the gap. ZDNET frames the landscape this way: no single federal rule covers a consumer's full wearable health profile, so the practical privacy question gets answered vendor by vendor.
The practical consequence is consent mismatch. A privacy policy on a wearable typically covers collection and sharing with the vendor and named partners. It does not, by default, cover what happens when those partners change hands, when a vendor's data is aggregated with other sources, or when a business model pivots. A buyer who reads the policy before purchase is not buying deletion. They are buying the policy as it is written on the day they signed in.
A factory reset scrubs the device. It does not reach the cloud. Resetting a watch and selling it clears local storage and passes the hardware to a new owner. The associated account, the upload history, and the profile built from months or years of wear remain on the vendor's side. Some companies offer account-level deletion paths. Many do not surface them in the setup flow, which is exactly the friction point Rayome flags for buyers weighing a new device or a new ring.
The watch item is regulatory, not technical. The FTC rule has been litigated. State laws are uneven across borders. The most material consumer decision in 2026 is which vendors publish a clear path from account to deletion, and which treat the cloud copy as the default. The ZDNET checklist is the floor of what a buyer can do. The ceiling is choosing a vendor whose data pipeline you can actually see.