Wearable devices collect an unprecedented amount of information from the most private facet of our lives—our bodies. As the technology grows, so too do concerns about protecting the privacy of the massive amounts of data collected. This Note presents the existing regulatory framework protecting data privacy, reviews the role of regulatory agencies, and ultimately exposes the gap between the protection of certain types of sensitive data and the lack of protection for all other data collected from the body through wearable devices. The solution to fill the gap lies in using the privacy principles of notice, choice, and consent in the United States’ self-regulating system. Incorporating these fundamental principles will raise the privacy bar through industry standards and protect against potential onerous con-sequences in a global industry with rapidly evolving regulation.