arrow_backBack to news feed
Industry NewsPublished: July 14, 2026

Samsung Health AI Training Opt-Out Threatens Data Deletion: Privacy Backlash Intensifies

Reported by llmdb News Desk

Executive Summary

"Samsung Health requires users to allow AI training on their health data to retain it; opting out triggers data deletion, sparking privacy concerns and comparisons to past corporate data practices."

Background & Context§

Samsung Health, the health-tracking platform pre-installed on millions of Samsung Galaxy devices, has ignited a fresh privacy controversy. The app collects sensitive health data including sleep patterns, medications, medical records, and menstrual cycle tracking. Recently, users discovered that Samsung is conditioning the retention of this data on consent to use it for AI training. If users opt out of AI training, the company threatens to delete their health data entirely. This policy has drawn sharp criticism from privacy advocates and regulatory bodies, especially under Europe's GDPR, where such practices could face severe penalties. The move underscores a growing tension between tech companies' AI ambitions and users' rights to data privacy and control.

The News: What Happened Exactly§

According to reports, Samsung Health now presents users with a toggle during setup that seems to conflate two distinct actions: consent to process health data (which is necessary for the app to function) and consent to use that data for AI training. The wording reportedly implies that if users decline AI training, their health data will be deleted. This has led to widespread confusion and anger. On Hacker News, users speculated about the exact wording, with one commenter noting, "Are we sure this isn’t the text for the ‘consent to process health data’ toggle that is on the same screen?" The ambiguity suggests that Samsung may be deliberately blurring the lines between essential data processing and optional AI training.

Samsung plans to grab four categories of data: sleep, medications, medical records, and cycle tracking details. This is particularly alarming given the sensitivity of medical records and reproductive health data. One user remarked, "So you buy a device but you can't effectively use half of its features because you'd also have to agree to send them your medical records?" The threat of data deletion effectively coerces users into consenting to AI training if they want to keep their own health history. Another commenter highlighted the irony: "In some way they are telling that they respect your privacy. Or they have your data (and then do something with it, now or later), or no one will." The catch-22 is that users lose either their privacy or their data.

From a regulatory standpoint, this appears to violate GDPR principles. GDPR requires that consent be freely given, specific, informed, and unambiguous. Tying AI training consent to data retention is not freely given because it's bundled with the core service. One HN user predicted, "shouldn't this get them turbo obliterated in europe?" Another noted that best practices dictate immediate disclosure of what data is used, stored, and why; failure to do so should mean no storage at all. Samsung's approach seems designed to minimize opt-outs by making them costly, which is a hallmark of dark patterns. The company could provide Google-style data takeout before deletion, but as one commenter pointed out, that data may be useless without Samsung's proprietary software.

Historical Parallels & Similar Incidents§

This is not the first time a major tech company has coerced users into sharing data for AI training under threat of losing access to core features. A stark parallel is Google's approach with its Ultra AI for personal accounts. When Google launched Ultra, users discovered that the only way to disable AI training on their data was to disable chat history entirely, which crippled the service's usefulness. For personal accounts, there was no option to retain history while opting out of training. However, for Google Workspace accounts, that option existed, highlighting a tiered privacy approach that favored business customers. One Hacker News user recounted, "I signed up to see what it was like and then assumed I would be able to disable training on my data as a paid customer. The only way to disable training on paid personal accounts is to disable history... which makes the service much less useful." This mirrors Samsung's strategy: make the privacy-friendly option so detrimental that users reluctantly consent.

Another historical incident involves Amazon's Ring doorbell cameras. In 2020, Amazon began requiring Ring users to enable two-factor authentication or face account lockout—a security improvement, but one that was imposed without granular control. More relevantly, fitness tracking company Fitbit (now Google) has faced scrutiny over data sharing with insurers and researchers. In 2020, Fitbit allowed users to opt out of data sharing for research, but critics argued that the opt-out was buried in settings and not prominently disclosed. The Samsung case takes this a step further by directly linking data retention to AI consent, creating a zero-sum choice. These examples illustrate a pattern: companies leverage customer data as a bargaining chip, forcing users to choose between privacy and functionality. The lesson is that regulatory pushback (e.g., GDPR fines) can force companies to redesign such dark patterns, but only if enforcement is swift and severe. Otherwise, user-hostile defaults become industry norms.

Comparisons to Apple's Approach§

In contrast, Apple Health adopts end-to-end encryption (E2EE) for health data by default, a stance that Samsung's critics have highlighted. One Hacker News commenter stated, "Apple has default E2EE on health data, which I respect." However, they noted that Apple still falls short with iMessage backups not being E2EE by default unless Advanced Data Protection is enabled. This underscores that even privacy-forward companies have gaps. The Samsung saga, however, is more egregious because it actively penalizes privacy-conscious users. The technical community is increasingly calling for regulatory action: one commenter demanded, "Samsung should be fined out of existence for this." While hyperbolic, it reflects the sentiment that such practices are unacceptable for health data, which is among the most sensitive personal information. The incident also highlights the need for standard data deletion and portability mechanisms—users should be able to export and delete their data without sacrificing app functionality. Samsung's policy, if unchallenged, sets a dangerous precedent for AI training consent across the wearable industry.

Industry Implications§

This controversy arrives at a time when AI training on personal data is under intense scrutiny. The EU's AI Act and GDPR are tightening rules, and companies like Samsung risk hefty fines and reputational damage. The Samsung Health case could become a test case for whether regulators view this as a violation of the 'data minimization' principle—collect only what is necessary and delete when no longer needed. If regulators side with users, they could force Samsung to decouple AI training consent from data retention. The outcome will likely influence how other smartwatch and health app makers design their consent flows. For now, the developer and data scientist community watches closely, as the tension between AI model improvement and user privacy continues to define the next frontier of tech regulation.

SHARE NEWS: