An activity tracker designed for kids. What could go wrong? These wearables for kids come in cool designs from Marvel and Disney and have up to a year of battery life. They sure sound fun. That is, until kids learn parents can track not just steps, movement, and sleep but also CHORES! Garmin's Vivofit Jr 3 connects to an app via Bluetooth. The app lets parents track whether or not kids have done their chores, if they've moved for 60 minutes a day, if they actually went to sleep when they were supposed to and dole out rewards if they have. Now Mom and Dad can be Big Brother too!
What could happen if something goes wrong?
When your *Privacy Not Included researcher wanted to get a fitness tracking smartwatch to see how stressed out reading privacy policies made her, Garmin is what she went with. Because Garmin seems to do one of the best jobs handling the privacy and security of all the personal data fitness trackers collect, at least according to their really not that stressful privacy policy.
Here’s what this privacy researcher likes about Garmin. Yes, they do collect a good bit of personal information through the device and on the Garmin Connect app because that’s what a fitness tracking smartwatch does. And the Garmin Jr app also collects some personal data, but not as much as the Connect app. It’s good to know parents aren’t required to use the real name of their child when setting up the apps. Still, two apps is not exactly better than one, especially when it comes to data collection. These apps collect data like email address, device information, location, gender and all that body related data like physical activity, stress, sleep patterns, heat rate, pulse ox, and more. The good thing is, yes, they collect it, but they also seem to protect it.
Your “sharing with others” user settings in the Garmin Connect app are set to “private” by default. Which is great. You can choose to share your data with contacts if you wish, but you have to change your privacy settings to do that. Good work Garmin. Garmin also doesn’t share your personal information for advertising purposes with third parties. They ask you to opt-in rather than opt-out of consent to receive marketing communications from them. And their privacy policy is actually pretty good at laying out what data they collect, clearly explaining why they collect it, and how it is used. That’s all worth another, good work Garmin!
Garmin also seems to do a pretty good job securing the personal information they collect. However, they did suffer that very public ransomware attack in 2020. Ransomware attacks suck and it seems no company is safe from them these days. Good news though, no user data was actually compromised in that attack, so, once more, good work Garmin.
Garmin isn’t 100% perfect though. We do ding them because they don’t make it clear in their privacy policy that all users -- regardless of where they live and the privacy laws they live under -- have the same right to access and delete their data. Garmin told us they don’t deny any user those requests. However, it seems based on the way their privacy policy is worded, they could. Garmin told us they would revisit the wording in their privacy policy on this issue. Here’s hoping they make an update to clarify that soon.
Is your intrepid privacy researcher happy with her decision to get a Garmin fitness tracker? Yes, she is. Although it does make her a little nervous that she now leaves her phone's Bluetooth on all the time. But hey, knowing that body battery score is really cool! What’s the worst that could happen with your fun Garmin fitness tracking smartwatch? Well, hopefully nothing, but do beware if you link your data to other third party apps like Strave or MyFitnessPal. Those apps come with their own privacy policies and every time you share your personal information with someone else you increase the vulnerability of that personal information.
One final consideration. This device tracks the activity and sleep of a child. Parents should ask themselves, is this information something I want gathered and potentially accessible to others if there were a data leak or security vulnerability? Also, we think there is a good question to be raised about teaching young children that this level of digital surveillance in their lives is OK. Maybe we should track kids a little bit less, and teach them constant surveillance isn’t a good thing?
Tips to protect yourself
- Parents, keep a sharp eye on parent controls and permissions.
- Be very careful what third party companies you consent to share you health data with. If you do decided to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: No
App: Yes
Microphone
Device: No
App: Yes
Tracks location
Device: Yes
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
No
What data does the company collect?
Personal
Parent's phone number and email and name (or nickname)
Body related
Child's activity, such as chores, rewards, steps, distance, activity time, and sleep
Social
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
They did suffer that very public ransomware attack in 2020. No user data was compromised during this attack.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Garmin has an easy to find list of all privacy policies. The privacy policies are relatively simple to read.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Garmin devices and apps use a combination of asymmetric and symmetric encryption appropriate to the nature and function of the product, and data stored/transmitted.
Strong password
In order to use companion apps, an account with a strong password is required.
Security updates
Manages vulnerabilities
Privacy policy
Dive Deeper
-
The Best Smartwatches and Phones for KidsThe New York Times
-
The Best Smartwatches For Kids (And Parents) To Stay ConnectedForbes
-
Smartwatch Privacy for Kids During the Coronavirus PandemicCommon Sense
-
Garmin’s New Aviator Watch Partly Addresses a Risk the War in Ukraine Is Highlighting – MicrotargetingForbes
-
The Garmin Hack Was a WarningWired
-
Ransomware attack on Garmin thought to be the work of 'Evil Corp'The Guardian
Comments
Got a comment? Let us hear it.