Vesper
ENESFRTR
Charts
Articles:SportsHealthHistoryTech
Markets
EUR/USD1.1630 0.30%GBP/USD1.3462 0.33%USD/JPY158.99 0.10%USD/CHF0.7836 0.36%AUD/USD0.7151 0.43%USD/CAD1.3805 0.03%USD/CNY6.8016 0.09%USD/INR95.82 0.13%USD/BRL5.0141 0.05%USD/ZAR16.40 0.47%USD/TRY45.68 0.07%Gold$4,566.10BTC$77,495 0.87%ETH$2,119 0.07%SOL$85.98 0.67%
Tech

Oura confirms government data demands but faces questions on disclosure

Hacker News1 d ago
ShareXWhatsAppTelegramLinkedIn
Helsinki, Finland coastline and harbour cityscape in daylight.
Photo: Antti Kulmanen / Pexels

Finland-based smart-ring maker Oura has confirmed for the first time on record that it receives requests for user data from governments. The company disclosed this in a response sent last week to TechCrunch sister publication This Week in Security. However, whether the company will publish these requests in a numerical transparency report remains unclear.

Oura is known for its smart-ring product that collects biometric data. The rings, used for health and sleep-metric tracking, continuously collect body temperature, heart rate, blood-oxygen level, motion and sleep-pattern data. The company's global user base exceeds 2.5 million.

Responding to This Week in Security's questions, an Oura spokesperson said: 'Our company is under the obligation to respond to data requests made under applicable legal frameworks. Within this process, maintaining privacy and user rights at the highest level is our priority.' The spokesperson, however, did not share specific data on the number of requests received or how many were approved.

The company's privacy policy had previously included a statement that 'data sharing may occur as required by applicable legal process', but there was no explicit confirmation that government requests had in fact been received. This week's statement from Oura is its first open declaration.

The topic surfaced following news of Oura's IPO filing. The company filed for an IPO with the SEC on 22 May, with an expected valuation of $6 billion. SEC filings list user-data policies among risk factors.

Electronic Frontier Foundation (EFF) spokesperson Eva Galperin called the disclosure 'an important step', adding: 'But true transparency requires numerical reporting. Apple, Google, Meta, Twitter — all the major industry players publish twice-yearly reports with the number of government requests and their compliance rates. Oura should adopt the same standard.'

This industry practice developed alongside the 'transparency report' movement of the 2010-2014 period. Google had published its first transparency report in 2010; Apple, Microsoft and Meta followed in subsequent years. These twice-yearly reports include, by country of government request, the number of requests received, the number of content takedown requests, and the compliance rates.

What is striking about Oura's specific situation is the health-biometric character of the data it collects. Sleep patterns, heart-rate variability and body-temperature data carry more sensitive information than ordinary communication metadata. Yale School of Medicine Professor of Health Informatics Dr Karandeep Singh said: 'Biometric data allows inferences to be made about a person's medical condition; this is a category that legally and ethically should be protected at higher standards.'

In the US and EU data-protection frameworks, biometric data falls under 'special categories'. EU General Data Protection Regulation (GDPR) Article 9 makes the processing of biometric data subject to special consent. In the US there is no federal biometric data law; state-level regulations (such as Illinois BIPA) differ.

More comprehensive disclosures from Oura on privacy are expected ahead of the IPO. Investors will gain more detailed information following the S-1 filing in the SEC process. This article is general information; independent sources are recommended for individual data privacy decisions.

This article is an AI-curated summary based on Hacker News. The illustration is a stock photo by Antti Kulmanen from Pexels.