Google Bought Fitbit: EU Warned of Potential ‘Risk’ to Privacy, Data

February 24th, 2020 11:23 AM

Google has bought its way into health care through fitness tracking. Is the European Union (E.U.) right to call foul?

Both U.S. and E.U. regulators are wary of Google’s $2.1 billion purchase of fitness tracking company Fitbit last November. The New York Post announced that the Department of Justice would be looking into the acquisition last December, and the E.U.’s European Data Protection Board (E.D.B.P.) cited that this purchase by an already powerful company “could entail a high level of risk to privacy and data protection.”

The E.D.B.P. is the E.U. watchdog on “data protection rules,” and “promotes cooperation between the EU’s data protection authorities.”

Google and Fitbit have both made attempts to soothe the concerns with both the public and governments by declaring that they intend to protect user privacy. In a Google blog post prior to the company’s acquisition of Fitbit, Senior Vice President of Devices & Services Rick Osterloh wrote how “privacy and security are paramount” and that “we will be transparent about the data we collect and why. We will never sell personal information to anyone.”

A Fitbit press release on the same day tried to convey that same idea, suggesting that “Consumer trust is paramount to Fitbit,” and “[s]trong privacy and security guidelines have been part of Fitbit’s DNA since day one.”

Only time will tell whether the Fitbit’s commitment to privacy will be honored. Here’s what the press release claimed:

“Fitbit will continue to put users in control of their data and will remain transparent about the data it collects and why. The company never sells personal information, and Fitbit health and wellness data will not be used for Google ads.”

Google has a checkered past when it comes to transparency and privacy.

Last November, the same month that Google acquired Fitbit, The Wall Street Journal revealed Google’s “Project Nightingale,” and cited it as “the biggest effort yet by a Silicon Valley giant to gain a toehold in the health-care industry through the handling of patients’ medical data.”

Internal documents from The Journal reportedly revealed that this project was started in conjunction with the help of Ascension, a Catholic chain of hospitals and related facilities, which reportedly engaged in a “collect and crunch” process to collect and analyze the personal health info of millions of Americans. Indeed, according to The Journal, “Neither patients nor doctors have been notified.”

Four Democratic politicians, including House Energy and Commerce Committee Chairman Frank Pallone Jr. (D-NJ), Anna Eshoo (D-CA), Diana DeGette (D-CO) and Jan Schakowsky (D-IL) demanded more information, according to CNBC, and sent an open letter to Ascension’s President and Chief Executive Officer Joseph Impicciche. The letter specifically affirmed that “[c]oncerns” have been “justifiably raised” regarding “Ascension’s decision not to notify its patients that their information would be shared with Google or how their information would be used.”