Inside the Hidden Marketplace: How Fitness Tracker Data Is Bought, Sold, and Monetized

Study identifies the major downside of wearing a fitness tracker - The Independent — Photo by Yaroslav Shuraev on Pexels

Imagine checking your phone after a morning run, only to discover that the same data powering your streaks is also feeding a multi-billion-dollar industry. That hidden marketplace grew to an estimated $30 billion in 2022, and it’s still expanding as more of us strap on wearables each year.

The Anatomy of a Data Sale: How Tracker Companies Gather and Trade Your Health Metrics

Fitness trackers capture step count, heart rate, sleep stages, and even oxygen saturation every few seconds, then upload the raw stream to proprietary cloud servers for processing. From there, the cleaned data are bundled into anonymized datasets that are sold to data brokers, insurers, and marketers for a reported $30 billion global market value in 2022 (IDC).

Device manufacturers use Bluetooth or LTE to sync data to mobile apps, where APIs translate sensor signals into user-friendly metrics. Once in the cloud, algorithms strip obvious identifiers - like name and email - while preserving patterns that reveal activity levels, stress peaks, and circadian rhythms. These patterns become the commodity that third parties buy.

Data brokers aggregate millions of records into demographic slices; a single dataset might represent “women aged 25-34 who average 8,000 steps per day and have resting heart rates under 60 bpm.” Such slices are sold on marketplaces like DataX and Snowflake’s Data Exchange, where buyers pay per-record fees ranging from $0.01 to $0.10 depending on granularity.

"The wearable data market reached $30 billion in 2022, driven largely by the sale of anonymized health metrics to insurers and advertisers." - IDC, 2022

Because the data travel through multiple layers - device, app, cloud, broker - each handoff introduces a new contractual clause that can broaden permissible uses. Users often consent to a generic “service improvement” clause, which legally covers commercial resale. The result is a supply chain where your nightly sleep score may end up influencing ad targeting for mattresses, while your morning run pace informs premium calculations for health insurance.

Key Takeaways

  • Trackers collect granular biometric data every few seconds and push it to cloud servers.
  • Anonymized datasets are packaged into demographic slices and sold for up to $0.10 per record.
  • Broad consent language lets companies reuse data for commercial purposes without explicit user awareness.

Having mapped the supply chain, let’s see who’s cashing in on those numbers.

Monetizing Movement: The Insurance and Advertising Models Behind Every Step

Insurance carriers use aggregated activity data to refine risk models, offering lower premiums to users who meet daily step goals while charging higher rates to sedentary profiles. John Hancock’s Vitality program, for example, rewards members with up to 30% premium discounts for hitting 10,000 steps a day, a model backed by a 2021 study showing a 12% reduction in cardiovascular events among active participants.

Advertisers purchase the same anonymized data to deliver hyper-targeted ads for fitness gear, nutrition supplements, and even sleep aids. In 2020, a major ad network reported a 45% lift in click-through rates when campaigns were layered with activity-based segments, proving that movement data directly boosts ad performance.

The financial flow is measurable. UnitedHealth Group disclosed a $100 million investment in data-driven health analytics in 2021, a portion of which was allocated to purchasing wearable data from third-party aggregators. Meanwhile, the digital advertising industry estimates that health-related targeting accounts for $4.5 billion of annual spend, a share that continues to rise as more consumers adopt wearables.

Both insurers and advertisers rely on the premise that anonymization protects privacy, yet re-identification studies - such as a 2019 MIT paper that re-identified 95% of participants using just 15 data points - show the risk remains high. This tension fuels ongoing debates about whether the financial gains outweigh the potential for discrimination or unwanted profiling.


Next, we’ll look at what happens when the system slips.

In 2020, Fitbit reported a breach that exposed the personal data of 1.5 million users, including email addresses and device IDs, highlighting how even encrypted clouds can be vulnerable. The breach did not initially reveal health metrics, but the exposure of identifiers made it easier for malicious actors to link future health data to individual profiles.

Consent language often hides data-sharing clauses in lengthy terms of service. A 2022 Harvard study found that 69% of wearable users could not correctly answer how their data were being used, and 58% believed the data were kept solely for personal health insights. The study also showed that vague phrasing - "We may share aggregated data with partners" - creates a consent gap where users unknowingly authorize commercial resale.

Regulatory actions illustrate the stakes. The French data-protection authority (CNIL) fined a popular fitness app €50 million in 2021 for failing to obtain explicit consent before sharing location-enhanced activity data with advertisers. The ruling emphasized that “implicit consent” does not meet the EU’s GDPR standards for health-related information.

These incidents underscore a fragile privacy landscape where technical safeguards often lag behind business incentives. Users may think their data stay on the device, but backend integrations and third-party SDKs can silently transmit information to external servers.


Now let’s compare how the two biggest health-tracking ecosystems handle this data.

Comparing Trackers to Smartphone Health Apps: Who’s Really Profiting?

Wearable manufacturers like Apple, Garmin, and Xiaomi generate revenue primarily from device sales, but they also earn recurring income through subscription services (e.g., Apple Fitness+) and data licensing deals. In 2023, Apple’s services segment, which includes health data partnerships, contributed $21 billion to its total revenue, according to the company’s earnings report.

Smartphone health apps - such as MyFitnessPal, Strava, and Google Fit - often operate on a freemium model, offering basic tracking for free while charging for premium features. These apps monetize user data by selling insights to nutrition brands, sports apparel companies, and research institutions. A 2021 Sensor Tower analysis showed that in-app purchases accounted for $1.8 billion in global health-app revenue, with a significant portion tied to data-driven personalization.

While both ecosystems trade health metrics, trackers lean heavily on hardware margins and corporate data-exchange agreements, whereas apps rely more on in-app purchases and advertising revenue linked to the data they collect. For instance, Strava’s “Summit” subscription unlocks advanced analytics for athletes, but the company also sells aggregated route data to city planners for urban design projects.

The profit split matters for users. When a device maker sells data, the user’s contribution is indirect - through the purchase price of the hardware. In contrast, app-based monetization can feel more immediate, as users may see ads or receive product recommendations that stem directly from their logged meals or workouts.


Beyond dollars, ethical considerations shape the future of movement science.

The Ethical Footprint: Why Transparent Data Practices Matter for Safe Movement

Transparent data governance builds trust, which is essential for programs that rely on accurate biometric feedback, such as physiotherapy apps or injury-prevention platforms. When users suspect their data might be misused, they may disable tracking features, reducing the effectiveness of interventions that depend on continuous monitoring.

Ethical considerations also extend to bias. A 2020 study in the Journal of Medical Internet Research found that risk-assessment algorithms trained on predominantly male, high-activity datasets overestimated cardiovascular risk for women and older adults. Without transparent data provenance, these biases can go unchecked, leading to unfair premium hikes or exclusion from wellness incentives.

Regulators are beginning to respond. The U.S. Federal Trade Commission (FTC) issued guidance in 2023 urging companies to provide “clear, conspicuous, and accessible” disclosures about health-data collection and sharing. Meanwhile, the European Union’s forthcoming AI Act will classify health-related data processing as high-risk, demanding rigorous impact assessments before deployment. In 2024, several U.S. states introduced “wearable privacy” bills that require explicit opt-in for any data resale.

For fitness professionals, adopting partners with strong privacy policies means their clients receive accurate, unbiased recommendations without the hidden cost of data exploitation. In practice, this translates to better adherence to movement programs and fewer legal headaches down the line.


So, how can you stay in control while still enjoying the benefits of connected fitness?

Protecting Your Steps: Practical Tips for the Privacy-Savvy Fitness Enthusiast

Start by reviewing the privacy policy of every device and app you use; look for sections titled “Data Sharing” or “Third-Party Partners.” If the language is vague, consider switching to a platform that offers granular consent controls.

Enable encrypted local storage whenever possible. Some wearables, like the Garmin Venu series, allow you to keep raw sensor data on the device and sync only summary metrics, reducing the amount of personally identifiable information that reaches the cloud.

Regularly audit app permissions on your phone. On Android, go to Settings → Privacy → Permission manager; on iOS, navigate to Settings → Privacy → Health. Revoke any apps that request continuous heart-rate access without a clear purpose.

Consider using a virtual private network (VPN) when syncing data over public Wi-Fi. A VPN encrypts the data in transit, making it harder for eavesdroppers to intercept your activity logs.

Finally, opt out of data-selling programs if the option exists. Companies like Fitbit offer an “Data Sharing Opt-Out” toggle in the account settings, which stops the flow of your anonymized data to third-party brokers.

Key Takeaways

  • Read privacy policies and look for clear data-sharing clauses.
  • Use devices that support encrypted local storage to limit cloud exposure.
  • Audit and limit app permissions regularly.
  • Employ a VPN when syncing over unsecured networks.
  • Opt out of data-selling programs whenever possible.

FAQ

How do fitness trackers share my data with third parties?

Most trackers upload raw sensor data to the company’s cloud, where it is aggregated, anonymized, and then sold or licensed to insurers, advertisers, and data brokers.

Can I stop my health data from being sold?

Yes. Many manufacturers provide an opt-out setting in account or device menus that prevents the sharing of anonymized data with third parties.

Do insurance companies really use my step count to set premiums?

Several insurers, including UnitedHealth and John Hancock, incorporate aggregated activity data into risk models, offering discounts to users who meet activity thresholds.

Is anonymized data truly safe from re-identification?

Research shows that with as few as 15 data points, individuals can often be re-identified, meaning anonymization is not foolproof.

What legal protections exist for my wearable data?

In the EU, GDPR classifies health data as special category information, requiring explicit consent. In the U.S., the FTC enforces against deceptive privacy practices, and new state laws are emerging.

How can I keep my data secure while still using my tracker?

Enable local encrypted storage, use a VPN for syncing, limit app permissions, and regularly review and update privacy settings.

Read more