This document summarizes the current state of research on data privacy and fitness trackers. It begins with an overview of data privacy laws in the EU and US, noting that the EU has stronger protections over personal data with the General Data Protection Regulation (GDPR). The following sections summarize the limited existing research on data privacy issues related to fitness trackers, including lack of user control over data collection and risks of third-party inference attacks. User studies provide insights into perceptions and behaviors around privacy and fitness data. Overall, the document finds that legal protections for health-related information are becoming more important and the GDPR establishes improved privacy standards, though it is unclear if the new EU-US Privacy Shield agreement is adequate. More research attention