A PYMNTS Company

Google’s Fitbit Faces GDPR Complaints Over Data Transfers

By  |  August 31, 2023

Google’s data and privacy policies have been under scrutiny with its recent acquisition of the popular fitness tracking company Fitbit. Violations of the EU’s General Data Protection Regulation (GDPR) regime by Fitbit have prompted advocacy group Noyb to file complaints in Austria, the Netherlands, and Italy.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    According to Noyb, Fitbit forces its users to consent to data transfers outside the EU and does not provide the possibility to withdraw their consent, violating GDPR’s requirements. If found guilty, Fitbit could be looking at fines of up to 4% of Google’s global annual revenue, which stands at $280 billion. Noyb’s complaint asks that Fitbit be forced to share all mandatory information about the data transfers with its users and give them the ability to use the app without consenting to these transfers.

    Read more: Google Accuses India’s Competition Commission of Protecting Amazon

    Bernardo Armentano, Noyb’s co-founder states, “Given that the company collects the most sensitive health data, it’s astonishing that it doesn’t even try to explain its use of such data, as required by law.” He notes that this violation of GDPR could deprive Fitbit users of the ability to control the use of their data and reveals Google’s disregard for its customers’ trust.

    So far, no statement from Google on this issue has been made. As the legal proceedings continue, it’s uncertain what the fate of Fitbit will be, or whether it will be allowed to continue transferring data. Nevertheless, this case has highlighted the need for Google to be more transparent with its data transfer policies.

    Source: Reuters