If you're not clear on why a device, app or service needs a certain kind of information, be wary. The company isn't necessary doing anything suspect with the information, but it should make it clear why they're collecting certain types of data.
"The bigger concern is who they will share [your data] with," Gillula says. "Usually they will either say, 'We share it with third parties but only when they agree to protect your data in the same way that we do,' or they'll say they share it with third parties in the course of 'normal business operations.'"
Gillula says you should beware of companies that state they may share your data with third parties or "partners" so that they can deliver ads or to help develop new products and services. "That is usually a red flag. They're giving the information to other parties. From there, who knows where it goes?"
If a company sells or exchanges data that's not directly connected to anything you have specifically requested, or that's not specific to the service you're getting, you may want to be wary, according to Gillula.
Ruby Zefo, Vice President, Legal and Corporate Affairs and Associate General Counsel, Chief Privacy and Security Counsel, Intel
"If you're just relying on the band itself and you never really take a close look at the app or the reports, you may miss what some of the sensors are catching," Zefo says. "You want to be clear on the information being collected. You also want to see if the information is being transferred somewhere else."
Zefo suggests looking for statements on how the company protects your data after it is collected.
"I have chosen to allow the device to collect information that I know it's collecting. That was a decision I made. I know how it's being analyzed," Zefo says. "That's OK with me, but I don't want someone else getting that data that shouldn't have it."
If you see a company trying to reserve its rights to share data very broadly, be wary.
"It doesn't mean they're doing anything nefarious with it," Zefo says. "But it makes it harder to determine what exactly they're doing with it. It may be worth an email to customer service to ask for the details, if it seems like it's overly broad."
Kevin Haley, Director, Symantec Security Response
Haley recognizes that today's privacy policies aren't user friendly — but, at this point, it's the user's responsibility to protect his own privacy by reading the policies. "Companies have a responsibility to make clear what they're doing," he says. "It shouldn't be on the user to have to go through those polices. We're not all lawyers."