Noyb has nothing good to say about the privacy and data exchange policy of health and fitness company Fitbit. The foundation claims that parent company Google forces new users to agree to have their data stored in the US and other countries. That’s why it has asked privacy regulators in the Netherlands, Austria and Italy to allow users to use the company’s app without having to agree to data transfers.
The Austrian Privacy Foundation wrote this in a press statement.
European Commission approves acquisition of Fitbit by Google
It was 2020 when Google announced its interest in Fitbit. Both consumer organizations and advocacy groups were concerned that users’ health data would be widely collected and sold to third parties for advertising purposes. The European Commission then decided to investigate the acquisition.
Google made several commitments in order to acquire Fitbit. For example, the search giant promised that the acquisition was not about data but about devices. User health data would not be sold to provide targeted advertising. Google also promised to open its APIs to other fitness tracker manufacturers. Consumers would then not be obliged to use Google Fit as a health application when they bought a Fitbit.
The European Commission concluded that Google’s promises were sufficient to keep the wearables market open and competitive. Because users are not required to share their health data with Google, their privacy is protected.
‘Fitbit forces users to agree to data sharing policy’
On paper, everything seems well arranged. According to Noyb, practice is a lot messier. When creating a Fitbit account, European users are required to agree to Google’s data-sharing policy. It states, among other things, that health data can be stored in the US and other countries, even if Europeans do not enjoy the same privacy protection there as in the EU.
“In other words, Fitbit forces its users to consent to sharing sensitive data without giving them clear information about possible implications or the specific countries their data is going to. This results in consent that is not freely given, informed or specific, meaning that the consent clearly does not meet the requirements of the GDPR,” Noyb said.
Three consumers tried to find out what specific data Fitbit collected from them. None of them received a response from the company, which violates the right of access. That principle is laid down in Article 15 of the General Data Protection Regulation (GDPR). They then decided to contact the Austrian Privacy Foundation.
‘Inspection of your data requires a marathon’
“Fitbit wants you to give them a blank check, allowing them to send your data anywhere in the world. Considering that the company collects the most sensitive health data, it is surprising that it does not even try to explain how it uses this data, as required by law,” argues privacy lawyer Bernardo Armentano.
Noyb has asked the Dutch, Austrian and Italian regulators to put a stop to this. The foundation wants the privacy watchdogs to oblige Fitbit to share all information the company has about its users. The foundation also demands that users be able to use their Fitbit devices without agreeing to the data-sharing policy.
“Fitbit may be a nice app to track your fitness, but once you want to know more about how your data is handled, it requires a marathon,” said one of the plaintiffs. According to Noyb’s calculations, regulators could impose a fine on Alphabet, Google’s parent company, of almost 11.3 billion euros.