Fitbit Ace 3

Fitbit Ace 3

Google
Bluetooth

Review date: Nov. 9, 2022

|
|

Mozilla says

|
People voted: Very creepy

Motivating kids to move has gone high tech with Fitbit's Ace 3 for kids, a fitness tracker targeted at the 6 and up crowd. This little wristband comes with activity and sleep tracking, 8-days of battery life, and a way for kids to customize the face. Parents get parental controls where they can track their kids activity and approve connections with friends, set-up goals and rewards for activity, and encourage competition between their siblings. Gone are the days of Dad yelling at you to get off your lazy butt and go outside or Mom telling you to go to bed! Now there's a device for that.

How does this fitness tracker for kids do when it comes to privacy? Well, it's a fitness tracker for kids, so, there's that. But, Fitbit and Google aren't terrible at privacy exactly. So, there's also that.

What could happen if something goes wrong?

As of January 14, 2021, Google officially became the owner of Fitbit. That worried many privacy conscious users. However, Google promised that “Fitbit users’ health and wellness data won't be used for Google ads and this data will be kept separate from other Google ad data” for at least 10 years as part of the deal with global regulators. However, Fitbit and Google announced in 2022 that a Google account will be required for some uses of Fitbit starting in 2023. And in 2025, Google accounts will likely be required to use a Fitbit, indicating Google has plans to bring Fitbit users into the Google ecosystem as much as they can.

What’s this mean? As a parent, you must create a Fitbit account (or soon, a Google account) and then from there create a family account where you will create an account for your kid to use the Fitbit Ace. And remember, Fitbit can collect a good amount of data, as most fitness trackers do. They say they collect things such as name, date of birth, gender, height, and weight of your child if you choose to provide it as well as body related data like steps, activity, sleep, and more. Fitbit also says they can collect data on things like IP addresses, app and mobile device information (including cookie and application identifiers) when your kid accesses their account. Fitbit does say they limit some of the sharing of personal information of your kids with the limited connections you set up for them in the app. However, they do say they can share some personal information of your child for things like external processes through business affiliates and service providers and if their business is sold.

And remember, all this applies to children up to the age of 13. Once your child turns 13 (or the eligible age for kids in your country), then Fitbit says your child will be eligible to independently manage their own account if they choose, and you as a parent will no longer have access or control over it through your Fitibt account.

Also remember, Fitbit can collect data from third parties social media sites like Facebook and Google on your main Fitibit account if you choose to connect them (please, don’t) and from employers and insurance companies if you choose to share to receive wellness benefits or discounted or free services (again, not a good idea).

How does Fitbit use all this personal information it collects? Well, the good news is their privacy policy says they never sell your data. They also say they can share your personal information (from you main account, not from your child’s account) with advertising partners for targeted, interest-based advertising across the internet, which isn’t good news. And they say they can use that information to make inferences about you to show you more relevant content -- like using your sleep data to show you content to help you sleep better, which I’m pretty sure wouldn’t actually help me sleep better. So yeah, your Fitbit data is being used to show you ads and keep you using the platform as much as possible. Not surprising, but not great either.

Fitbit also says it can share non-personal information that has been de-identified or aggregated. This is pretty common, but still, can be a bit of a concern as it’s been found to be pretty easy to de-anonymize these data sets and track down an individual’s patterns, especially with location data. So, be aware with Fitbit--or any fitness tracker--you are strapping on a device that tracks your location, heart rate, sleep patterns, and more. That's a lot of personal information gathered in one place.

What’s the worst that could happen with a Fitbit and all the personal and health related data it can collect? Well, in 2021 it was reported that health data for over 61 million fitness tracker users, including both Fitbit and Apple, was exposed when a third-party company that allowed users to sync their health data from their fitness trackers did not secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Fitbit and other fitness-tracker users was left exposed because the company didn't password protect or encrypt their database. This is a great reminder that yes, while Fitbit might do a good job with their own security, anytime you sync or share that data with anyone else including third party apps, your employer, or a insurance company, it could be vulnerable. And with your children’s data, well, that’s something you probably don’t want to get in the hands of anyone else. No one needs to know your kid’s sleeping patterns..

One final consideration. This device tracks the activity and sleep of a child. Parents should ask themselves, is this information something I want gathered and potentially accessible to others if there were a data leak or security vulnerability? Also, we think there is a good question to be raised about teaching young children that this level of digital surveillance in their lives is OK. Maybe we should track kids a little bit less, and teach them constant surveillance isn’t a good thing?

Tips to protect yourself

  • Parents, keep a sharp eye on parent controls and permissions.
  • Be very careful what third party companies you consent to share you health data with. If you do decided to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Can it snoop on me? information

Camera

Device: No

App: Yes

Microphone

Device: No

App: Yes

Tracks location

Device: No

App: Yes

What can be used to sign up?

Parents must set up a family account for their children. According to Google, a Google account will be required for some uses of Fitbit starting in 2023, with all users likely needing Google accounts to use Fitbit in 2025. "In 2023 we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account. After the date of this launch, some uses of Fitbit will require a Google account"

What data does the company collect?

How does the company use this data?

"We never sell the personal information of our users. We do not share your personal information except in the limited circumstances described below: [...] FOR EXTERNAL PROCESSING, [...] FOR LEGAL REASONS OR TO PREVENT HARM, "

"We never sell the personal information of our users. We do work with partners who provide us with advertising services as described in the Analytics and Advertising Services Provided By Others section. To learn more about how these partners collect data and your options for controlling the use of your information for interest-based advertising, please read our Cookie Use statement"

Fitbit says they can share your data with third-parties for targeted, interest-based advertising. "We work with partners who provide us with analytics and advertising services. This includes helping us understand how users interact with the Services, serving advertisements on our behalf across the internet, and measuring the performance of those advertisements. These companies may use cookies and similar technologies to collect information about your interactions with the Services and other websites and applications. To learn more and about your privacy choices, please read our Cookie Use statement."

Fitbit says that they transfer information to their corporate affiliates, service providers, and other partners: "We transfer information to our corporate affiliates, service providers, and other partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research, and surveys."

"We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about exercise and activity, to partners under agreement with us, or as part of the community benchmarking information we provide to users of our subscription services."

How can you control your data?

"As a parent, you have control of any child’s account within your family account. Once you have signed in to your Fitbit account, verified your email address, and created a family account you can create an account for your child. You can view your child’s complete account at any time through your family account.

If at any time you wish to stop further collection or use of your child's information, you can delete your child’s account by either (1) contacting Customer Support, or (2) deleting your child from the family account and confirming your intent to delete the account in the email we send you."

What is the company’s known track record of protecting users’ data?

Average

In 2021 Fitbit's security measures did not prevent the major data leak of 61 million fitness tracker data records, including Fitbit user data, by the third-party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in an non-password protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.

In 2020, it was reported that the emails and passwords of nearly 2 million Fitbit users were leaked online.

Child Privacy Information

When your child turns 13 (or any higher minimum age required for the creation of a Fitbit account without parental consent in your country), he or she will be eligible to independently manage his or her account. If your child chooses to manage his or her Fitbit account, you will no longer have access to, or be able to exercise control over it through your Fitbit account.

Can this product be used offline?

Yes

User-friendly privacy information?

Yes

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI? information

No

*Privacy Not Included

Dive Deeper

  • Kids Fitbits? Hidden Dangers For Parents to Watch Out For
    Bark Link opens in a new tab
  • The Best Smartwatches and Phones for Kids
    The New York Times Link opens in a new tab
  • Fitbit Setup Requirements
    Fitbit Link opens in a new tab
  • Fitbit users will be forced to migrate to Google accounts by 2025
    The Verge Link opens in a new tab
  • Fitbit Increases Security Requirements, Mandates Google Login From 2023
    Infosecurity Link opens in a new tab
  • Google’s New Plan to Make Fitbit Data More Useful for Healthcare
    Health Tech Insider Link opens in a new tab
  • 2 Million Fitbit Accounts Were Exposed by Cybercriminals
    HackerNoon Link opens in a new tab
  • Standard Privacy Report for Fitbit
    Common Sense Link opens in a new tab
  • Privacy and Security Evaluation of the Fitbit Ace 2
    Common Sense Link opens in a new tab
  • Privacy Evaluation for Fitbit
    Common Sense Link opens in a new tab
  • The Best Smartwatches For Kids (And Parents) To Stay Connected
    Forbes Link opens in a new tab
  • Smartwatch Privacy for Kids During the Coronavirus Pandemic
    Common Sense Link opens in a new tab
  • Google Now Owns Fitbit: What It Means For Your Fitness Data Privacy
    Forbes Link opens in a new tab
  • 61M Fitbit, Apple Users Had Data Exposed in Wearable Device Data Breach
    Health IT Security Link opens in a new tab
  • Google closes $2.1B acquisition of Fitbit as Justice Department probe continues
    Fierce Healthcare Link opens in a new tab
  • Here's what your Fitbit knows about you
    Avast Link opens in a new tab
  • Fitbit Joins Google
    Fitbit Link opens in a new tab

Comments

Got a comment? Let us hear it.