Wearables: Smartwatches, Fitness Trackers, and Smart Glasses – Data Protection Risks and Practical Guidance

Smartwatches, fitness trackers, and smart glasses are becoming everyday companions for many people. These body-worn devices collect a wide range of personal data through built-in sensors and often connect to the internet, raising significant privacy concerns for both users and third parties.

Wearables can track physical activity, sleep patterns, heart rate, and other health metrics. When paired with smartphones via Bluetooth or connected directly via mobile networks, and equipped with cameras, microphones, and location services, they can also support augmented reality applications. The data protection risks depend heavily on how the device is actually used.

Data Collected from Users

Most people wear these devices to monitor their own physical or sporting activities. They rely on pre-installed software or companion apps that analyze the collected data to provide insights into performance, health, and well-being.

Because the data is measured directly from the body, it has a strong personal link. Health-related data is considered particularly sensitive under Swiss law, as misuse can lead to serious consequences. Since many wearables are worn continuously — including at night — they can reveal movement patterns, daily routines, and intimate aspects of a person’s life. In short, such a device can often know more about its user than the user realizes.

Considerations Before Purchase or Installation

Before buying a wearable or installing its companion app, it is essential to review how the manufacturer or developer handles the collected data. This information is usually found in the terms of use and the privacy policy. Reading these documents carefully helps users make an informed decision and exercise their right to informational self-determination.

Key questions to ask include:
• What data does the device or app collect, and for what purposes?
• Where is the data stored (on the device, on the manufacturer’s servers, or with third parties)?
• Is the data shared or sold to other companies?
• Can users easily access, correct, or delete their data?
• What privacy-friendly default settings are available?
• How transparent is the overall data processing?

A device or app that only functions by requesting excessive or unclear permissions may not respect data minimization principles and should be approached with caution.

Tips for Safe Use

Beyond reviewing policies, users can reduce risks through mindful behavior:

When installing third-party apps or enabling certain features, devices often request permissions for access to photos, microphone, location, or health data. Always evaluate whether these permissions are truly necessary for the desired function. Deny or revoke any unnecessary access in the device settings.

A privacy-friendly app should operate on the principle of data minimization. If an app demands broad or hard-to-understand permissions, it may be wiser to avoid using it or purchasing the device altogether.

Regular software and app updates are crucial. Security vulnerabilities are often fixed through patches, so keeping wearables and connected apps up to date significantly lowers risks.

Data of Children

Parents increasingly use wearables with GPS or Bluetooth tracking to monitor their children’s location. However, important legal limits apply: Even though minors lack full legal capacity to exercise their own personality rights, legal guardians must act in the child’s best interest while respecting the child’s privacy and intimate sphere.

Children cannot validly consent to the processing of their data for ongoing parental surveillance. Parents should carefully weigh the benefits of tracking against the child’s right to privacy and autonomy.

Data of Third Parties

Wearables equipped with cameras or microphones allow users to capture data from others (family members, colleagues, friends, customers, or patients), such as voices or images. Because wearables are more discreet than smartphones, there is a higher risk that third parties are recorded without knowing that their data is being collected, processed, or transmitted.

Users must understand that they cannot freely process images or recordings of others. Covert data collection can violate not only data protection rules but also criminal law.

Heightened Risks with Smart Glasses

Modern smart glasses (such as certain Ray-Ban or Oakley models) are particularly discreet. They can record photos, videos, and audio without the knowledge of those affected and instantly share them — for example, via live streams on social networks. Many are deeply integrated with Meta’s products and artificial intelligence capabilities.

These features create elevated risks to the personality rights of third parties. Processing personal data in violation of the transparency principle generally constitutes an unjustified interference with personality rights and is therefore unlawful.

Users should ensure that any potentially affected third parties are informed about the recording and explicitly consent to the processing of their data.

Ignoring these principles can lead to civil liability as well as criminal consequences under the Swiss Criminal Code (for example, Articles 179bis, 179ter, and 179quater StGB concerning unauthorized recording of conversations or images from private spheres).

Users bear responsibility for informing themselves about the applicable legal rules in the place where they use the device. For more information on handling photos, see the FDPIC’s guidance on the right to one’s own image — every person generally has the right to decide whether and in what form their image may be recorded or published.

The FDPIC (Federal Data Protection and Information Commissioner) is Switzerland’s independent supervisory authority for data protection and freedom of information. Its mission is to protect the privacy rights of individuals by ensuring that federal bodies and private entities process personal data lawfully.

This guidance underscores that while wearables offer valuable benefits, they also demand heightened caution due to the sensitive nature of the data involved and the potential impact on both users and bystanders.