Ostrzeżenie: *Prywatność dla tego produktu do nabycia osobno
Want a watch that brings together Google and Fitbit in one device (one device, but you'll need both Google and Fitbit apps) Then Google's Pixel Watch 2 is for you. Updated in 2023, Google says the Pixel Watch 2 is now more precise and accurate at such things as measuring your heart rate, skin temperature, and signs of stress thanks to three -- THREE! -- all new sensors. Yay for sensors. Google says the watch can really help you manage your stress. Which is good because managing all the apps you need to use your Google Pixel Watch 2 sounds a bit stressful. Oh, and you'll need a Google account and an Android phone to use your Pixel Watch 2 as well. But what about privacy? Well, given that you're sharing data with Google and Fitbit (owned by Google), you just might need all those extra sensors to manage the stress of managing your privacy.
Co się może stać, jeśli coś pójdzie nie tak?
Google and Fitbit got married in 2021. In 2022, they released the first Google Pixel Watch. Now in 2023, we've got the Google Pixel Watch 2, a smartwatch they say comes with “Help by Google. Health by Fitbit.” What’s that mean for privacy? Well, first off, good luck figuring out which privacy policy applies to the new Google Pixel Watch. Is it Google’s privacy policies? Fitbits' privacy policies? Turns out, it’s both. Yup, welcome to your new privacy nightmare.
The Google Pixel Watch 2 actually needs two apps to do everything. There’s the Google Pixel Watch app that lets users set up and manage the watch on your Android device (sorry iOS users, no support for you). That app links to this privacy policy for Google which takes a good long while to read, especially if you also read through their other privacy documentation like how they use your location data and your personal information for advertising...yikes!). Then you can download and set up the Fitbit app on your device and use it to collect all that health data like activity, stress, sleep patterns, menstrual cycle tracking, and more. That app uses the Fitbit privacy policy. Oh, and what privacy policy applies to the device itself you ask? Well, according to Google’s customer service rep, the Google privacy policy applies to the device. Got it?
Good luck finding any of that information in the Fitbit or Google product pages where they sell the device though. You won’t. See, we just saved you so much time. However, it’ll take you hours to sort through the Google and Fitbit privacy policies to try and understand what data this smartwatch collects, how it is shared (good news though, neither Google or Fitbit say they sell data, so at least there’s that), who has access to it, and how you can delete it if you want. One thing to keep in mind (and a reason this is probably so clunky on Google’s part right now), as part of Google's deal to buy Fitbit, they promised privacy regulators they wouldn’t collect Fitbit health data for at least 10 years. So, that’s probably the reason for the two separate apps.
Fortunately, you have us. Here’s what we learned looking through all the privacy policies. (Also, sorry for the long review here, we are dealing with lots of privacy policies here though).
First, Fitbit. As of January 14, 2021, Google officially became the owner of Fitbit. That worried many privacy conscious users. However, Google promised that “Fitbit users’ health and wellness data won't be used for Google ads and this data will be kept separate from other Google ad data ” for at least 10 years as part of the deal with global regulators. However, Fitbit and Google announced in 2022 that a Google account will be required for some uses of Fitbit starting in 2023. And in 2025, Google accounts will likely be required to use a Fitbit, indicating Google has plans to bring Fitbit users into the Google ecosystem as much as they can.
What’s this mean? Well, Fitbit can collect a good amount of data, as most fitness trackers do. They say they collect things such as name, email address, phone number, birthdate, gender, height, weight, location, wi-fi access points, and of course all the body related data like steps, activity, sleep, stress, calories burned, and more. Fitbit also says they can collect data from third parties social media sites like Facebook and Google if you choose to connect them (please, don’t) and from employers and insurance companies if you choose to share to receive wellness benefits or discounted or free services (again, not a good idea).
How does Fitbit use all this personal information it collects? Well, the good news is their privacy policy says they never sell your data. They also say they can share your personal information with advertising partners for targeted, interest-based advertising across the internet, which isn’t good news. And they say they can use that information to make inferences about you to show you more relevant content -- like using your sleep data to show you content to help you sleep better, which I’m pretty sure wouldn’t actually help me sleep better. So yeah, your Fitbit data is being used to show you ads and keep you using the platform as much as possible. Not surprising, but not great either.
Fitbit also says it can share non-personal information that has been de-identified or aggregated. This is pretty common, but still, can be a bit of a concern as it’s been found to be pretty easy to de-anonymize these data sets and track down an individual’s patterns, especially with location data. So, be aware with Fitbit--or any fitness tracker--you are strapping on a device that tracks your location, heart rate, sleep patterns, and more. That's a lot of personal information gathered in one place.
What’s the worst that could happen with Fitbit and all the personal and health related data it collects? Well, in 2021 it was reported that health data for over 61 million fitness tracker users, including both Fitbit and Apple, was exposed when a third-party company that allowed users to sync their health data from their fitness trackers did not secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Fitbit and other fitness-tracker users was left exposed because the company didn't password protect or encrypt their database. This is a great reminder that yes, while Fitbit might do a good job with their own security, anytime you sync or share that data with anyone else including third party apps, your employer, or a insurance company, it could be vulnerable.I don’t know about you, but I don’t need the world to know my weight, how well I sleep, and where I live. That’s really dang creepy.
Now for Google. "OK, Google.” That’s pretty much exactly how we think Google does when it comes to privacy. They are OK, if you consider the fact that they are a ginormous data collecting advertising company that makes billions of dollars off your personal information. It’s really unfortunate just how low the bar has gotten when it comes to privacy these days.
What sorts of data does Google collect on you? Well, there are those voice recordings when you go, “Hey Google, what are the symptoms of a panic attack?” And while Google promises that your voice recordings won’t be used to send you personalized ads, they do say the transcripts of your voice interactions with your Google smart speaker may. Google also collects things like your location, information about things near your devices like wi-fi access points and bluetooth enabled devices, people you communicate with, purchase activity, voice and audio information, your favorite songs on Spotify, what things you search for, what things you ask Google, when you turn your lights on if you have smart lights, when you use it to run your robot vacuum, and so much more.
Of course, Google uses your personal information to sell those targeted, personalized ads you see all over the place like in your Gmail, in your favorite Solitaire app, on partner websites, and on YouTube. Yup, the ads are everywhere. Google does say they won’t use things like your religious beliefs or health information to show you ads…although we just have to trust them on that. I’m sure we’ve all seen ads based on sensitive things about us that felt pretty creepy. And Google says they won’t use content from your Google Drive, Email, or Photos to personalize ads. We sure hope not.
Google also says they can collect a good bit of information on your child if they use Google services, including services managed by parents through Family Link for children under 13. The data they say they can collect on your child includes location data, voice and audio information, what apps and devices your child uses, and your child's activity within Google's services. And then they say they can use that data to ""provide recommendations, personalized content, and customized search results."" Yes, Google is going to push content to your kid based on their online activities. Google does say that they, ""... will not serve personalized ads to your child, which means ads will not be based on information from your child’s account or profile. Instead, ads may be based on information like the content of the website or app your child is viewing, the current search query, or general location (such as city or state). When browsing the web or using non-Google apps, your child may encounter ads served by other (non-Google) ad providers, including ads personalized by third parties."" Parents, if you plan to let your kids use Google's services, it's good to do some research beforehand.
We've always struggled a bit with Google here at *Privacy Not Included. There is no doubt Google is bad for the world's privacy. They kinda set the standard for collecting huge amounts of data on us and using that to target ads. The end result of Google's years and years of data collection and targeted advertising is a huge billion dollar company with tons and tons of power around the world. And now we're all perhaps way too conditioned to having our data being scooped up to target us with ads based on our location, our interests, and inferences that can be drawn about us from all these thousands of data points. This is all really bad for privacy.
That being said. Google has always managed to avoid our *Privacy Not Included warning label because they do some good things too -- like give everyone the ability to delete their data, they do a pretty good job and keeping all the data the hoover up on us secure, and hey, we know they don't really sell that data because, why would they? They want that data for themselves to make lots of money.
This is the year that we've finally decided Google has gotten bad enough we can justify dinging them with our *Privacy Not Included warning label (yes, we don't disagree we should have done it sooner, but we do have a methodology full of criteria we work from and they always walked the line of being bad but not exactly crossing enough of our lines to ding them). Here's why we decided to ding them this year.
First, we already know Google collects a TON of personal information on us, through our Google Assistant voice requests, location tracking, searches, cookies and app tracking technologies, and more. And while Google says they don't sell that information, they do provide access to that information to many, many third parties for advertising purposes. Google goes even farther these days and says that they allow ""specific partners to collect information from your browser or device for advertising and measurement purposes using their own cookies or similar technologies."" That means you're not just being tracked by Google when you use devices but also by these mysterious ""specific partners"" in ways that you might not be aware of or been given the opportunity to consent to. This is bad.
We're in the age of AI now, so there is even more bad. We are very concerned that Google's privacy policy now says they can ""use publicly available information to help train Google’s AI models."" This is a concern to us and others because we don't know what Google counts as ""publicly available information,"" and we don't know if people are ever given any idea, warning, or opportunity to consent to have this data used to train Google's AI, including their Bard chatbot. And Google is bringing Bard into their Google Assistant, apps, and services. That could mean even more personal information shared, collected, processed, and inferred about you by Google.
The second big concern we have about Google is their track record at being honest and respecting all this personal information they collect on us. Google has racked up quite a long list of fines for privacy violations. In 2023, they settled a lawsuit with the state of California for $93 million for continuing to collect and store location data even after users turned off location tracking, according to the lawsuit. In 2022, they settled a similar lawsuit for continuing to track users locations after they opted with 40 states for $392 million. Also in 2023, a $5 billion lawsuit was allowed to continue against Google for secretly tracking users internet use when the judge ruled "she could not find that users consented to letting Google collect information about what they viewed online because the Alphabet (GOOGL.O) unit never explicitly told them it would." And in December of 2022, the French data protection authority fined Google $57 million for ""failing to acknowledge how its users' data is processed."" Those are just the fines and lawsuits that have happened since we last reviewed Google in 2022. Over the past few years, there have been even more. South Korea fined Google (and Meta) millions of dollars recently for privacy violations. So did France and Spain. And in the US, Google has faced a host of lawsuits and settlements from Texas, California, Illinois, Arizona, the Federal Trade Commission, and more. All this makes it pretty hard to trust what a company says they do with that massive amount of personal information they collect on you.
One thing about Google we do like: They have a decent way to communicate with users about how they collect and use data in their Safety Center. Google does collect a ton of data on you and your children, especially if you don't take the time to adjust your privacy settings to lock down just how much info they can gather. You should absolutely take the time to adjust these privacy settings. Just beware, you will get notifications that some things might not work right if you change settings. That’s annoying, and probably worth it for a little more privacy.
What’s the worst that could happen? Well, it's possible Google can get to know you really well, maybe too well. Maybe they recognize you from all the times you ordered plain cheese pizza. They know you are single because who orders plain cheese pizza? Just kidding, they know you're single because of all those pedicure appointments you've booked for one. Maybe it's OK Google knows you so well? Maybe it's creepy. (OK, we think it’s pretty creepy). What’s even creepier these days is the possibility that your Google searches and location information and more could potentially be used to harass, arrest, and even prosecute people in the United States seeking reproductive health care. That’s not just creepy, that’s downright harmful. Oh, and we don't even know how creepy it could get as Google gobbles up more and more of our data to train their AIs. This isn't just a problem with Google though, this is a concern we have with AI's like ChatGPT and OpenAI as well.
Wskazówki, jak się chronić
- Visit privacy controls to adjust the amount of data collected
- Turn off personalized advertisement
- Visit privacy & security controls to adjust the amount of data collected
- Delete your historical data from time to time
- When starting a sign-up, do not agree to tracking of your data.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data."
Czy może mnie podsłuchiwać?
Aparat
Urządzenie: Nie
Aplikacja: Tak
Mikrofon
Urządzenie: Tak
Aplikacja: Tak
Śledzi położenie
Urządzenie: Tak
Aplikacja: Tak
Czego można użyć do rejestracji?
Tak
Telefon
Nie
Konto firmy trzeciej
Tak
You will need both Google Accound and Fitbit account to set up your Google Pixel Watch.
Jakie dane zbiera ta firma?
Osobiste
Name, email address, or billing information, or other data that can be reasonably linked to such information by Google, such as information we associate with your Google Account; Precise geolocation data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs If you choose: profile photo, biography, country information, and community username; Data on your activity, such as terms you search for, videos you watch, views and interactions with content and ads, voice and audio information, purchase activity, people with whom you communicate or share content, activity on third-party sites and apps that use our services, Chrome browsing history you’ve synced with your Google Account; Your address, ZIP code, and where the device is placed; Sensor data such as detected motion, ambient light measurements, temperature, humidity, carbon monoxide, and smoke levels as well as information derived from this data, such as sleep information; (If you use calls) Phone number, calling-party number, receiving-party number, forwarding numbers, sender and recipient email address, time and date of calls and messages, duration of calls, routing information, and types and volumes of calls and messages; GPS location and other sensor data from your device
Związane z ciałem
Height, weight; If you choose: logs for food, weight, sleep, water, or female health tracking Voice (if you use Google Assistant).
Społecznościowe
Contacts
Jak ta firma wykorzystuje te dane?
Jak możesz kontrolować swoje dane?
Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?
Google
In September 2023, the US Department of Justice launched a trial against Google arguing "that Google abused its power as a monopoly to dominate the search engine business." Full disclosure, Mozilla testified in this trial.
In September 2023, Google was set to pay $93M in settlement over deceptive location tracking.
In August 2023, a US District Court judge allowed a $5 Billion lawsuit to continue against Google for alledged privacy violations of users for secretly tracking them without their consent.
In January 2023, Google confirmed data breach in its cell network provider Google Fi. The breach is linked to the recent T-Mobile hack. Google announced the breach immediately. Google says the hackers accessed limited customer information, including phone numbers, account status, SIM card serial numbers and information related to details about customers’ mobile service plans, such as whether they have selected unlimited SMS or international roaming.
In December 2022, Google was fined by EU watchdog over GDPR violations.
In September 2022, Google lost anti-trust ruling of EU which put a fine of over $4.34B on Google because of its Android monopoly.
Google received plenty of fines from European, American, and Korean authorities in the last few years. The biggest was the $170M fine from New York Attorney General for mishandling the children consent. The other cases include the fine of $100M for violating the Biometric Information Privacy Act in Illinois, $71.8M fine for mishandling consent in South Korea, $57M fine for violating GDPR in France, as well as other fines from local Data Protection Authorities in Ireland, Italy, and Spain.
In August 2019, the company admitted that partners who work to analyze voice snippets from the Assistant leaked the voice snippets of some Dutch users. More than 1,000 private conversations were sent to a Belgian news outlet, some of the messages reportedly revealed sensitive information such as medical conditions and customer addresses.
In December 2018,a bug exposed the data of 52.5 million Google+ users.
Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest's devices.
Fitbit:
In August 2023, Fitbit faced three data tranfer complaints in the EU, that allege the company is illegally exporting user data in breach of the bloc’s data protection rules: "European privacy rights not-for-profit, noyb, has filed the complaints with data protection authorities in Austria, the Netherlands and Italy on behalf of three (unnamed) Fitbit users. Commenting in a statement, Maartje de Graaf, data protection lawyer at noyb, said: “First, you buy a Fitbit watch for at least €100. Then you sign up for a paid subscription, only to find that you are forced to ‘freely’ agree to the sharing of your data with recipients around the world. Five years into the GDPR, Fitbit is still trying to enforce a ‘take it or leave it’ approach.”
In 2021 Fitbit's security measures did not prevent the major data leak of 61 million fitness tracker data records, including Fitbit user data, by the third-party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in an non-password protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.
In 2020, it was reported the emails and passwords of nearly 2 million Fitbit users were leaked online.
Informacje o prywatności dziecka
Czy ten produkt może być używany bez połączenia z siecią?
Przyjazne dla użytkownika informacje o prywatności?
Users must comb through privacy policies for both Fitbit and Google to make sure they've covered all their bases when it comes to privacy documentation for Fitbit products. It is complicated and cumbersome and confusing.
Odnośniki do informacji o prywatności
- Google Privacy Policy
- Fitbit Legal: Privacy Policy
- Privacy Notice for Audio Collection from Children’s Features on Google Assistant
- Google's Privacy & Security Principles
- How does Google use location information?
- Google's Advertising Explainer Page
- FAQs on Privacy: Fitbit
- Fitbit Legal: Fitbit Privacy Policy for Children's Account
Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa?
Szyfrowanie
Silne hasło
To create a Fitbit account, users are required to provide strong, complex, passwords during onboarding.
Aktualizacje zabezpieczeń
Zajmuje się problemami z bezpieczeństwem
Zasady ochrony prywatności
Google is planning to add generative AI product Bard to its Home products. Google also uses natural language processing to understand you and to generate answers to your requests.
Google publishes academic papers about its AI research (https://ai.google/) and makes several tools available via open source. https://ai.google/tools
FitBit Coach and FitBit Care services are said to be based on Machine Learning
Czy tej sztucznej inteligencji nie można ufać?
Jakie decyzje sztuczna inteligencja podejmuje o Tobie lub za Ciebie?
Czy firma jest przejrzysta w kwestii działania sztucznej inteligencji?
Czy użytkownik ma kontrolę nad funkcjami sztucznej inteligencji?
Dowiedz się więcej
-
The Google Pixel Watch 2 feels like deja vuMashable
-
Google loses appeal against record $4 billion EU fineCNN Business
-
Google Fi says hackers accessed customers’ informationTechCrunch
-
Google fails to end $5 billion consumer privacy lawsuitReuters
-
Scoop: Google Assistant to get an AI makeoverAxios
-
It's About Damn Time: Google Pixel Watch Makes its DebutGizmodo
-
Google Pixel Watch reviewTom's Guide
-
Google Agrees to $392 Million Privacy Settlement With 40 StatesThe New York Times
-
Pixel Watch Hands-On: Fitbit's Wear OS Debut Highlights Google's First SmartwatchCNET
-
Google’s Long-Awaited Pixel Watch Is Finally HereWired
-
Let’s take a closer look at Google’s Pixel WatchTechCrunch
-
Europe clears Google-Fitbit with a ten-year ban on using health data for adsTechCrunch
Komentarze
Masz uwagi? Podziel się nimi z nami.