Fitbit Ace 3
Motivating kids to move has gone high tech with Fitbit's Ace 3 for kids, a fitness tracker targeted at the 6 and up crowd. This little wristband comes with activity and sleep tracking, 8-days of battery life, and a way for kids to customize the face. Parents get parental controls where they can track their kids activity and approve connections with friends, set-up goals and rewards for activity, and encourage competition between their siblings. Gone are the days of Dad yelling at you to get off your lazy butt and go outside or Mom telling you to go to bed! Now there's a device for that.
What could happen if something goes wrong?
As of January 14, 2021, Google officially became the owner of Fitbit. That worried many privacy conscious users. However, Google promised that “Fitbit users’ health and wellness data won’t be used for Google ads and this data will be kept separate from other Google ad data” as part of the deal with global regulators when they bought Fitbit. This is good.
And Fitbit seems to do an OK job with privacy and security. Fitbit says they take extra privacy considerations for children including more limited data collection and parental controls. Fitbit also de-identifies the data it collects so it's (hopefully) not personally identifiable. We say hopefully because, depending on the kind of data, it’s been found to be pretty easy to de-anonymize these data sets and track down an individual’s patterns, especially with location data. So, be aware with Fitbit--or any fitness tracker--you are strapping on a device that tracks your location, heart rate, sleep patterns, and more. That's a lot of personal information gathered in one place.
What is not good is what can happen with all this very personal health data if others aren’t careful. A recent report showed that health data for over 61 million fitness tracker users, including both Fitbit and Apple, was exposed when a third party company that allowed users to sync their health data from their fitness trackers didn’t secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Fitbit and other fitness tracker users was left exposed because the company didn’t password protect or encrypt their database. This is a great reminder that yes, while Fitbit might do a good job with their own security, anytime you sync or share that data with anyone else, it could be vulnerable. And Fitbit partners with many third parties such as employers and insurance companies.
One final consideration. This device tracks the activity and sleep of a child. Parents should ask themselves, is this information something I want gathered and potentially accessible to others if there were a data leak or security vulnerability? Also, we think there is a good question to be raised about teaching young children that this level of digital surveillance in their lives is OK.
Tips to protect yourself
- Parents, keep a sharp eye on parent controls and permissions.
What can be used to sign up?
Parents must set up a family account for their children.
What data does the company collect?
Name, date of birth, gender
Height, weight, steps, active minutes, and hours of sleep.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
Unfortunately, Fitbit's security measures did not prevent the major data leak of 61 million fitness tracker data records, including Fitbit user data, by the third party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in an non-password protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Got a comment? Let us hear it.