Oura declines to disclose government data request volumes amid privacy scrutiny
The $11 billion firm confirms it receives government demands for user data but refuses to publish aggregate figures, reversing previous indications it was evaluating a transparency report.
Health wearable manufacturer Oura has confirmed it receives infrequent requests from government authorities for user data, though the company has declined to disclose the specific frequency of these demands or the volume of information shared. The firm states it reviews each request for legality, scope, and necessity, and challenges those deemed invalid or overbroad. This confirmation follows a period of heightened scrutiny regarding the company’s data handling practices and its previous indications that it was evaluating how to publish aggregate figures.
The company’s stance on transparency has shifted significantly. While an Oura spokesperson previously stated the firm was "actively evaluating how to share aggregate data in a way that maintains security," recent inquiries regarding the release of a transparency report have gone unanswered. This silence marks a departure from the firm’s earlier responsiveness and contrasts with the industry norm established after the 2013 NSA surveillance scandal, where many technology companies began releasing semi-annual reports to counter claims of secret data handovers.
Privacy concerns remain central to the debate, particularly regarding Oura’s encryption protocols. The company’s data is not end-to-end encrypted, meaning health information such as heart rate, sleep patterns, and location data can be unscrambled as it travels from the ring to servers. Oura has confirmed that its storage design allows some staff to access user data, a common practice for troubleshooting or cost reasons, but one that also implies potential access by prosecutors with warrants, hackers with stolen keys, or disgruntled insiders.
The scale of Oura’s operations amplifies these privacy implications. Valued at over $11 billion and having sold more than 5.5 million rings, the company is one of the largest health tech wearable makers ahead of an anticipated public listing. This market position carries a responsibility to ensure user data is secure, especially given the sensitive nature of the biometric information collected. The lack of end-to-end encryption means that the data is accessible in plaintext at various points in the transmission and storage process.
This issue gained prominence last year when Oura faced a social media backlash after signing a deal with the Department of Defense and Palantir. The partnership raised fears among customers that their data could be accessed by the Trump administration. While the company has not provided details on whether any of the negative access scenarios, such as a breach by hackers or insiders, have occurred, the reporter notes that at least one such incident has taken place. As the frontrunner in the health wearables market, Oura’s refusal to publish demand statistics leaves investors and users without clear visibility into how often the government successfully obtains user information.
