Remember a couple years ago when the announcement came down that Google was buying Fitbit and there were a ton of concerns for the privacy of Fitbit users? So the EU stepped in and said they would only approve the deal if Google made some promises about how they would handle all that health data these smart watches can track, like a 10-year ban on using health data for ad targeting for folks in the EU. Fast forward to now, and Google is finally launching their own branded smartwatch they say delivers "the best of Google and Fitbit" together. Meet the Google Pixel Watch, an Apple Watch competitor with all the features of a smart watch like Google Wallet, Google Maps, Google Assistant, phone, texts, calendars, and more. And all the fitness tracking features of a Fitbit like steps, heart rate, sleep tracking, fall detection, and more. Sounds like a good thing...if you're not an iPhone user, as there is no iPhone support. Android users only. As for privacy, well, Apple is probably better than Google and Fitbit at that.
Co się może stać, jeśli coś pójdzie nie tak?
Google and Fitbit got married in 2021. A year later, they’ve now birthed the Google Pixel Watch, a smartwatch they say comes with “Help by Google. Health by Fitbit.” What’s that mean for privacy? Well, first off, good luck figuring out which privacy policy applies to the new Google Pixel Watch. Is it Google’s privacy policies? Fitbit's? Turns out, it’s both. Yup, welcome to your new privacy nightmare.
The Google Pixel Watch actually needs two apps to do everything. There’s the Google Pixel Watch app that lets users set up and manage the watch on your Android device (sorry iOS users, no support for you). That app links to this privacy policy for Google which takes a good long while to read (pro tip: click on the download pdf version to make it a bit easier to sort through). Then you can download and set up the Fitbit app on your device and use it to collect all that health data like activity, stress, sleep patterns, menstrual cycle tracking, and more. That app uses the Fitbit privacy policy. Oh, and what privacy policy applies to the device itself you ask? Well, according to Google’s customer service rep, the Google privacy policy applies to the device. Got it?
Good luck finding any of that information in the Fitbit or Google product pages where they sell the device though. You won’t. See, we just saved you so much time. However, it’ll take you hours to sort through the Google and Fitbit privacy policies to try and understand what data this smartwatch collects, how it is shared (good news though, neither Google or Fitbit say they sell data, so at least there’s that), who has access to it, and how you can delete it if you want. One thing to keep in mind (and a reason this is probably so clunky on Google’s part right now), as part of Google's deal to buy Fitbit, they promised privacy regulators they wouldn’t collect Fitbit health data for at least 10 years. So, that’s probably the reason for the two separate apps.
Fortunately, you have us. Here’s what we learned looking through all the privacy policies. (Also, sorry for the long review here, we are dealing with lots of privacy policies here though).
First, Fitbit. As of January 14, 2021, Google officially became the owner of Fitbit. That worried many privacy conscious users. However, Google promised that “Fitbit users’ health and wellness data won't be used for Google ads and this data will be kept separate from other Google ad data ” for at least 10 years as part of the deal with global regulators. However, Fitbit and Google announced in 2022 that a Google account will be required for some uses of Fitbit starting in 2023. And in 2025, Google accounts will likely be required to use a Fitbit, indicating Google has plans to bring Fitbit users into the Google ecosystem as much as they can.
What’s this mean? Well, Fitbit can collect a good amount of data, as most fitness trackers do. They say they collect things such as name, email address, phone number, birthdate, gender, height, weight, location, wi-fi access points, and of course all the body related data like steps, activity, sleep, stress, calories burned, and more. Fitbit also says they can collect data from third parties social media sites like Facebook and Google if you choose to connect them (please, don’t) and from employers and insurance companies if you choose to share to receive wellness benefits or discounted or free services (again, not a good idea).
How does Fitbit use all this personal information it collects? Well, the good news is their privacy policy says they never sell your data. They also say they can share your personal information with advertising partners for targeted, interest-based advertising across the internet, which isn’t good news. And they say they can use that information to make inferences about you to show you more relevant content -- like using your sleep data to show you content to help you sleep better, which I’m pretty sure wouldn’t actually help me sleep better. So yeah, your Fitbit data is being used to show you ads and keep you using the platform as much as possible. Not surprising, but not great either.
Fitbit also says it can share non-personal information that has been de-identified or aggregated. This is pretty common, but still, can be a bit of a concern as it’s been found to be pretty easy to de-anonymize these data sets and track down an individual’s patterns, especially with location data. So, be aware with Fitbit--or any fitness tracker--you are strapping on a device that tracks your location, heart rate, sleep patterns, and more. That's a lot of personal information gathered in one place.
What’s the worst that could happen with Fitbit and all the personal and health related data it collects? Well, in 2021 it was reported that health data for over 61 million fitness tracker users, including both Fitbit and Apple, was exposed when a third-party company that allowed users to sync their health data from their fitness trackers did not secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Fitbit and other fitness-tracker users was left exposed because the company didn't password protect or encrypt their database. This is a great reminder that yes, while Fitbit might do a good job with their own security, anytime you sync or share that data with anyone else including third party apps, your employer, or a insurance company, it could be vulnerable.I don’t know about you, but I don’t need the world to know my weight, how well I sleep, and where I live. That’s really dang creepy.
Now for Google. “OK, Google.” That’s pretty much exactly how we think Google does when it comes to privacy. They are OK, if you consider the fact that they are a ginormous data collecting advertising company that makes billions of dollars off your personal information. This is the world we live in now, though, and there are other Big Tech companies doing a worse job than Google at protecting and respecting your privacy (looking at you Meta/Facebook). It’s really unfortunate just how low the bar has gotten when it comes to privacy these days.
That said, you should be aware Google is a huge ad company that needs lots and lots of your data to sell ads. What sorts of data does Google collect on you? Well, there are those voice recordings when you go, “Hey Google, what are the symptoms of the latest coronavirus variant?” And while Google promises that your voice recordings won’t be used to send you personalized ads, they do say the transcripts of your voice interactions with your Google smart speaker may. Google also collects things like your location, information about things near your devices like wi-fi access points and bluetooth enabled devices, people you communicate with, purchase activity, voice and audio information, your favorite songs on Spotify, what things you search for, what things you ask Google, when you turn your lights on if you have smart lights, when you use it to run your robot vacuum, and so much more.
Of course, Google uses your personal information to sell those targeted, personalized ads you see all over the place like in your Gmail, in your favorite Solitaire app, on partner websites, and on YouTube. Yup, the ads are everywhere. Google does say they won’t use things like your sexual orientation, race, and health, to show you ads…although we just have to trust them on that. I’m sure we’ve all seen ads based on sensitive things about us that felt pretty creepy. And Google says they won’t use content from your Google Drive, Email, or Photos to personalize ads. We sure hope not.
We do like that people who use Google’s AI voice assistant are now automatically opted out of Google's human review of voice recordings, because that was super creepy. We also like that Google does try to communicate with users how they collect and use data in their Safety Center. Google does collect a ton of data on you, especially if you don't take the time to adjust your privacy settings to lock down just how much info they can gather. You should absolutely take the time to adjust these privacy settings. Just beware, you might get notifications that some things might not work right if you change settings. That’s annoying, and probably worth it for a little more privacy.
As for Google’s track record at protecting and respecting your privacy, well, it’s a mixed bag. Google does pretty good at the security side of protecting all that heaps of data they collect on your. It is their money making business asset, after all. Unfortunately, Google also has a spotty track record at respecting privacy, as seen in the multitude of fines and lawsuits that have been thrown at them all around the world for violating privacy laws and protections. South Korea fined Google (and Meta) millions of dollars recently for privacy violations. So did France and Spain. And in the US, Google has faced a host of lawsuits and settlements from Texas, California, DC,Illinois, Arizona, the Federal Trade Commission, and more. All this makes it pretty hard to trust what a company says they do with that massive amount of personal information they collect on you.
What’s the worst that could happen? Well, If you don't take the time to lock down all your privacy settings, it's possible Google can get to know you really well, maybe too well. Maybe they recognize you from all the times you ordered plain cheese pizza. They know you are single because who orders plain cheese pizza? Just kidding, they know you're single because of all those pedicure appointments you've booked for one. Maybe it's OK Google knows you so well? Maybe it's creepy. (OK, we think it’s pretty creepy). What’s even creepier these days is the possibility that your Google searches and location information and more could potentially be used to harass, arrest, and even prosecute people in the United States seeking reproductive health care. That’s not just creepy, that’s downright harmful.
One last thing. Hey Google and Fitbit. Please sort this out and make it easier for your users to understand the privacy policy ecosystem of this smartwatch and the apps it uses. Or, at the very least, make it clearer on the Google Pixel Watch website that users are going to need to use two apps to control this device and that comes with multiple privacy policies and settings and concerns.
Wskazówki, jak się chronić
- Visit privacy controls to adjust the amount of data collected
- Turn off personalised advertisement
- Visit privacy & security controls to adjust the amount of data collected
- Delete your historical data from time to time
- When starting a sign-up, do not agree to tracking of your data
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data."
Czy może mnie podsłuchiwać?
Aparat
Urządzenie: Nie
Aplikacja: Tak
Mikrofon
Urządzenie: Tak
Aplikacja: Tak
Śledzi położenie
Urządzenie: Tak
Aplikacja: Tak
Czego można użyć do rejestracji?
Tak
Telefon
Nie
Konto firmy trzeciej
Tak
You will need both Google Accound and Fitbit account to set up your Google Pixel Watch.
Jakie dane zbiera ta firma?
Osobiste
Name, date of birth, gender, photo (optional)
Związane z ciałem
Heart rate, movement, sleep data, menstrual cycle, and more
Społecznościowe
Contacts
Jak ta firma wykorzystuje te dane?
Jak możesz kontrolować swoje dane?
Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?
In 2021 Fitbit's security measures did not prevent the major data leak of 61 million fitness tracker data records, including Fitbit user data, by the third-party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in an non-password protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.
In 2020, it was reported the emails and passwords of nearly 2 million Fitbit users was leaked online.
Google received plenty of fines from European, American, and Korean authorities in the last few years. The biggest was the $170M fine from New York Attorney General for mishandling the children consent. The other cases include the fine of $100M for violating the Biometric Information Privacy Act in Illinois, $71.8M fine for mishandling consent in South Korea, $57M fine for violating GDPR in France, as well as other fines from local Data Protection Authorities in Ireland, Italy, Spain.
In 2022 Google agreed to a nearly $392 million dollar legal settlement with 40 US states "for charges that it misled users into thinking they had turned off location tracking in their account settings even as the company continued collecting that information".
In August 2019, the company admitted that partners who work to analyze voice snippets from the Assistant leaked the voice snippets of some Dutch users. More than 1,000 private conversations were sent to a Belgian news outlet, some of the messages reportedly revealed sensitive information such as medical conditions and customer addresses.
In December 2018, a bug exposed exposed the data of 52.5 million Google+ users.
Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest's devices.
Informacje o prywatności dziecka
Czy ten produkt może być używany bez połączenia z siecią?
Przyjazne dla użytkownika informacje o prywatności?
Two policies cover one product
Odnośniki do informacji o prywatności
Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa?
Szyfrowanie
Silne hasło
To create a Fitbit account, users are required to provide strong, complex, passwords during onboarding.
Aktualizacje zabezpieczeń
Zajmuje się problemami z bezpieczeństwem
Zasady ochrony prywatności
Dowiedz się więcej
-
It's About Damn Time: Google Pixel Watch Makes its DebutGizmodo
-
Google Pixel Watch reviewTom's Guide
-
Google Agrees to $392 Million Privacy Settlement With 40 StatesThe New York Times
-
Pixel Watch Hands-On: Fitbit's Wear OS Debut Highlights Google's First SmartwatchCNET
-
Google’s Long-Awaited Pixel Watch Is Finally HereWired
-
Let’s take a closer look at Google’s Pixel WatchTechCrunch
-
Europe clears Google-Fitbit with a ten-year ban on using health data for adsTechCrunch
Komentarze
Masz uwagi? Podziel się nimi z nami.