The global wearable tech market is expected to double from 526 million devices in 2016, to more than 1 billion devices by 2022. We can expect this number to keep growing as our cities become more connected, making the switch from 4G to 5G.

Fitbit came onto the scene 10 years ago, looking like a digital pedometer crossed with a money clip. Now it’s the market leader in fitness trackers and has become a term synonymous with personalized health monitoring technology. And recently, Google announced their purchase of Fitbit for $2.1 billion. But in 2016, Fitbit had a security breach on its hands: hackers were able to obtain user account information by taking stolen email addresses and passwords from third-party sites, tapping into the company’s databases and trying to order replacement parts fraudulently under the owner’s warranty. The company addressed the issue right away and has since taken multiple steps toward protecting its users’ data. 

But the question remains: How secure is personal information stored on these devices, which require certain details in order to start a profile and can be as sensitive as a woman’s ovulation cycle? 

Anonymized data is generally scrubbed of any information that could be used to identify a single, individual person.

How anonymous is anonymized data?

Fitbit says that users largely have control of what information they provide and what is shared through either the company itself or via third-party applications or uses. 

“To the extent that information we collect is health data or another special category of personal data subject to the European Union’s General Data Protection Regulation, we ask for your explicit consent to process the data,” the company says. “We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you pair your device  to your account, grant us access to your exercise or activity data from other services or use the female health tracking feature.”

Fitbit does acknowledge that some data might be aggregated and anonymized and shared with third parties, “including public reports about exercise and activity. Data collected and shared with consent is kept for as long as the account is active.” 

Anonymized data is generally scrubbed of any information that could be used to identify a single, individual person. It’s supposed to be used more broadly to identify trends or habits among groups in a given area — whether that’s a community or a country. But there are some recent developments that might raise some concerns about who has access to this data and how it’s being used.