Fitbit calls this a "fashion forward" fitness and wellness wristband that will help boost your mind, body, and health. That's a lot of responsibilities to put on one little gadget. If you want a fitness tracker that tracks all the things fitness trackers track -- steps, heart rate, stress, sleep, and more -- but doesn't look like a gaudy gadget on your wrist, here you go. Accessorize away with a variety fancy bracelet like straps. As they say, look good, feel good.
What could happen if something goes wrong?
As of January 14, 2021, Google officially became the owner of Fitbit. That worried many privacy conscious users. However, Google promised that “Fitbit users’ health and wellness data won't be used for Google ads and this data will be kept separate from other Google ad data” for at least 10 years as part of the deal with global regulators. However, Fitbit and Google announced in 2022 that a Google account will be required for some uses of Fitbit starting in 2023. And in 2025, Google accounts will likely be required to use a Fitbit, indicating Google has plans to bring Fitbit users into the Google ecosystem as much as they can.
What’s this mean? Well, Fitbit can collect a good amount of data, as most fitness trackers do. They say they collect things such as name, email address, phone number, birthdate, gender, height, weight, location, wi-fi access points, and of course all the body related data like steps, activity, sleep, stress, calories burned, and more. Fitbit also says they can collect data from third parties social media sites like Facebook and Google if you choose to connect them (please, don’t) and from employers and insurance companies if you choose to share to receive wellness benefits or discounted or free services (again, not a good idea).
Fitbit also says it can share non-personal information that has been de-identified or aggregated. This is pretty common, but still, can be a bit of a concern as it’s been found to be pretty easy to de-anonymize these data sets and track down an individual’s patterns, especially with location data. So, be aware with Fitbit--or any fitness tracker--you are strapping on a device that tracks your location, heart rate, sleep patterns, and more. That's a lot of personal information gathered in one place.
What’s the worst that could happen with a Fitbit and all the personal and health related data it can collect? Well, in 2021 it was reported that health data for over 61 million fitness tracker users, including both Fitbit and Apple, was exposed when a third-party company that allowed users to sync their health data from their fitness trackers did not secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Fitbit and other fitness-tracker users was left exposed because the company didn't password protect or encrypt their database. This is a great reminder that yes, while Fitbit might do a good job with their own security, anytime you sync or share that data with anyone else including third party apps, your employer, or a insurance company, it could be vulnerable.I don’t know about you, but I don’t need the world to know my weight, how well I sleep, and where I live. That’s really dang creepy.
Tips to protect yourself
- Follow Fitbit's advice to keep your stats private
- Stop sharing friends' lists: Under “Friends” on your profile page, select Privacy Setting and then Private.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
What can be used to sign up?
According to Google, a Google account will be required for some uses of Fitbit starting in 2023, with all users likely needing Google accounts to use Fitbit in 2025. "In 2023 we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account. After the date of this launch, some uses of Fitbit will require a Google account"
What data does the company collect?
Name, date of birth, gender, photo (optional)
Heart rate, movement, sleep data, menstrual cycle, and more
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In 2021 Fitbit's security measures did not prevent the major data leak of 61 million fitness tracker data records, including Fitbit user data, by the third-party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in an non-password protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.
In 2020, it was reported the emails and passwords of nearly 2 million Fitbit users was leaked online.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
To create a Fitbit account, users are required to provide strong, complex, passwords during onboarding.
FitBit Coach and FitBit Care services are said to be based on Machine Learning
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Fitbit Setup RequirementsFitbit
Fitbit users will be forced to migrate to Google accounts by 2025The Verge
Fitbit Increases Security Requirements, Mandates Google Login From 2023Infosecurity
Google’s New Plan to Make Fitbit Data More Useful for HealthcareHealth Tech Insider
2 Million Fitbit Accounts Were Exposed by CybercriminalsHackerNoon
Standard Privacy Report for FitbitCommon Sense
Google Now Owns Fitbit: What It Means For Your Fitness Data PrivacyForbes
61M Fitbit, Apple Users Had Data Exposed in Wearable Device Data BreachHealth IT Security
Google closes $2.1B acquisition of Fitbit as Justice Department probe continuesFierce Healthcare
Here's what your Fitbit knows about youAvast
Fitbit Joins GoogleFitbit
Got a comment? Let us hear it.