Withings Body Scale

Withings
Wi-Fi Bluetooth

Review date: Nov. 1, 2023

Mozilla says

People voted: Somewhat creepy

For those of us who don't live with a doctor, there's the Withings Body smart scales. They do everything from weigh you to measure your heart rate, water percentage, bone and muscle mass. It takes all that personal information and shares it with an app on your phone where you can set up personalized programs to keep your weight right where you want it. If you have the willpower, that is. Good news, Withings is pretty good at privacy, so not too many worries about them oversharing the fact that you've gained a few pounds.

What could happen if something goes wrong?

Withings says that “[r]espect for privacy is a core principle that we place at the heart of our strategy for developing our Products and Services.” Better, they seem to sincerely mean it. They actually apply the European Union's stronger privacy regulation GDPR all over the world, even in places they don't have to apply strong privacy laws. That's so cool! If more companies could do this we'd be so happy.

They don't sell your data and have an easy to read privacy policy. They don’t share your data except when they legitimately need to, like to supply you their products and services. They treat health data with extra caution (as they should!) and have the credentials to prove it. It’s super refreshing to see! Especially when ~certain brands~ can sometimes be more focused on marketing the fact that they care about your privacy than on actually protecting it.

We’re kinda speechless honestly since we usually use this space to air our grievances. Withings even created a handy guide about “How to manage and protect your Withings data.” This might be a first. It tells you about all of the health data that’s collected, how you can import more, how you can download it, delete it, and other helpful advice. It seems like Withings genuinely wants to put you in control of your health data which feels, sadly, super rare in the whole health-tracking space. Bravo, Withings! (They’re French.)

This is all great news for a device that knows how much you weigh, what your body fat percentage is, and how much water you are retaining. No one but you (or maybe your doctor) really needs to know all that.

Tips to protect yourself

  • Check the comprehensive Privacy User guide to see all your options.
  • Be very careful which third-party companies you consent to share your health data with. If you do decide to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
  • Do not sign up with third-party accounts. It is better to just log in with an email and a strong password.
  • Choose a strong password! You may use a password manager like 1Password, KeePass, etc.
  • Use your device privacy controls to limit access to your personal information via the app (do not give access to your camera, microphone, images, or location unless necessary).
  • Keep your app regularly updated.
  • Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to your Google account and turn off ad personalization).
  • Request that your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.

Can it snoop on me?

Camera

Device: No

App: Yes

Microphone

Device: No

App: No

Tracks location

Device: No

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Privacy Policy Withings

"GDPR means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. WITHINGS applies the GDPR all over the world."

"We collect Personal Data from you in order to provide the different purposes listed below. If you do not wish to provide it, you will not be able to access certain parts of the Products and Services, or services offered by our customer support.
LIST OF PROCESSING.
A) USE OF OUR PRODUCTS AND SERVICES [...]
B) COMMUNICATION & SUPPORT [...]
C) SECURITY AND EXERCISING YOUR RIGHTS
D) RESEARCH & DEVELOPMENT
1. Sending out "Research Questionnaires" and analyzing the responses received
PROCESSED DATA: User ID. The content of the questionnaire varies according to the issues addressed
BASIS FOR THE PROCESSING: Consent of the person filling in the questionnaire
RETENTION PERIOD: Pseudonymized Data is retained until the account removal
2. Anonymization of data for research purposes
PROCESSED DATA: Health data needed to conduct the study
BASIS FOR THE PROCESSING: Your consent
3. Product and Service Improvement (including algorithm performance improvement and statistics)
PROCESSED DATA: The relevant data related to the realization of these treatments. It is exclusively pseudonymized data
BASIS FOR THE PROCESSING: Legitimate interest
RETENTION PERIOD: Personal data is kept until the user account is deleted"

"We only share such data in circumstances described below: [...]
c. Use of our subcontractors. We share certain Data with subcontractors, who are experts in their field, in order to supply the Products and Services. Our subcontractors are required to comply with both the GDPR. They process the shared Data only for the intended purpose. Our subcontractors help us to provide you with high quality products and services, please find the list of subcontractors here.
d. Use of ScanWatch in the United States. WITHINGS may share certain personal information (name, date of birth, email, address, phone number) with Heartbeat Health, a U.S. company, which provides you with services such as the prescription necessary for the ECG functionality of the device, the organization of teleconsultations with our health professional partners, the provision of advice on your health. Your consent to receive text messages from Heartbeat Health is required to activate the ECG functionality on your device. Please see Heartbeat Health's privacy policy for more information..."

"Legal reasons. We may share Personal Data relating to you when required by law, upon request of a court, in connection with a legal proceeding, or if we believe in good faith that disclosure is reasonably necessary to (a) investigate, prevent, or take action regarding suspected or actual unlawful activities, or to assist public authorities; (b) investigate and defend against any third-party claims or accusations; or (c) protect our Services’ security or integrity. We will notify you of any legal proceedings that require access to your Data, unless we are prohibited by law from doing so. Where a court order specifies a period of non-disclosure of the request to data subjects, we will send you a deferred notification after the non-disclosure period has expired."

How can you control your data?

Privacy Policy Withings

This Policy applies uniformly to all Users of the Withings App, regardless of where you live. We take into consideration the regulations on the protection of personal data applicable to the markets in which WITHINGS sells its Products and Services.

"You may exercise your rights by contacting us at [email protected].
7.1. YOUR RIGHTS. You may exercise the following rights independently or with our assistance.
a. Right of Access. You can access the Personal Data about you processed, collected or stored by WITHINGS. You can find this information directly from your account or via Customer support.
b. Right of rectification. If you find that the data about you is inaccurate, you have the right to request its correction. Some personal data can be changed directly from your Withings App account.
c. Right of Limitation and Right to Object. If you find that any data about you is inaccurate, you may ask us to stop processing that data until the situation is corrected. You may also ask Us to stop processing Data relating to you.
d. Right to Erasure. You may request the deletion of Personal Data relating to you. We will assist you in deleting Personal Data your account or Customer Support."

"The retention period indicated in the list of treatments depends on the type of data, the purpose or our legal obligations. If you ask us to do so, WITHINGS will delete your data from its servers and will ask its subcontractors involved in the processing to perform the same operation. We use subcontractors to manage backup data. This data will be used in case of operational problems to ensure the continuity of our services and products. Please note that, for security reasons, we are not able to reflect the deletion or modification of data on backups already made, in order to protect the integrity of the backup data."

"If you have chosen to share your data from WITHINGS Products and Services with third parties, we cannot ensure the deletion or anonymization of such data. We invite you to contact the third party for more information."

"At any time, you can withdraw your consent. To do so, simply:
Delete your account (here) ;
Uncheck "Research Center" in your notification center (Android / iOS) ;
Remove the connection with third-party applications ;
Remove double authentication in your account settings (Android / iOS) ;
Uncheck "Promotional offer" in your notification center (Android / iOS)."

Privacy guide
"Once your Withings account has been deleted, all data from all users of the account will be lost. We recommend that you export your data before deleting your account. Refer to “Exporting your data” on page 22 for more information.
You can delete your account anytime you want. To do so, perform the following steps:
1. Navigate to the Web Dashboard.
2. Select your avatar in the top right corner and select “Settings.”
3. Select the user you want to delete.
4. Select “Delete user” at the bottom of the page. The account management screen is displayed.
5. Select any users that you want to delete and select “Delete.”
Note: Make sure you delete all secondary users before trying to delete the main user. If you change your mind at this stage, simply select “Reactivate.”
6. Select “Delete Account.”
At this stage, you have the option of exporting the data of each user by selecting “Download.” Make sure you export the data before all your data is lost. If you change your mind at this point, you can also select “I don’t want to delete my account. Take me back!”
7. Select “Delete My Account.”"

What is the company’s known track record of protecting users’ data?

Average

Withings was heavily criticized in 2023 for presenting the new product: Withings’ U-Scan, an in-home, WiFi-connected urinalysis device meant to soon read one’s urine composition for health factors regarding pH balance, nutrition, and even users’ menstrual cycles.

The product earned the CES ‘Worst in Show 2023’ award in the 'Privacy' category from PIRG, JerryRigEverything, iFixit, Repair.org, EFF, Consumer Reports, and SecuRepairs.

“The U-Scan is a body surveillance device that indefinitely stores your private health data, including information about pregnancy and fertility,” writes Caitlin Seeley George, campaign director for the digital privacy rights advocacy group, Fight for the Future. On Withings’ legal policy page, the company notes that they “may be compelled by the law to disclose your personal data to some authorities or other third parties, such as the law enforcement or legal authorities.”

Child Privacy Information

No children-related privacy information found.

Can this product be used offline?

No

You will need either WiFi or Bluetooth to use this device.

User-friendly privacy information?

Yes

Links to privacy information

Does this product meet our Minimum Security Standards?

Yes

Encryption

Yes

Strong password

Yes

You access the device through the Withings HealthMate app, which requires a unique password.

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI?

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

  • The Best Smart Scale
    Wirecutter
  • ‘And the winner is…’ CES ‘Worst in Show 2023’ recipients
    PIRG
  • Privacy advocates are worried about a newly unveiled pee-analysis gadget
    Popular Science
