Google’s data and privacy policies have been under scrutiny with its recent acquisition of the popular fitness tracking company Fitbit. Violations of the EU’s General Data Protection Regulation (GDPR) regime by Fitbit have prompted advocacy group Noyb to file complaints in Austria, the Netherlands, and Italy.
According to Noyb, Fitbit forces its users to consent to data transfers outside the EU and does not provide the possibility to withdraw their consent, violating GDPR’s requirements. If found guilty, Fitbit could be looking at fines of up to 4% of Google’s global annual revenue, which stands at $280 billion. Noyb’s complaint asks that Fitbit be forced to share all mandatory information about the data transfers with its users and give them the ability to use the app without consenting to these transfers.
Bernardo Armentano, Noyb’s co-founder states, “Given that the company collects the most sensitive health data, it’s astonishing that it doesn’t even try to explain its use of such data, as required by law.” He notes that this violation of GDPR could deprive Fitbit users of the ability to control the use of their data and reveals Google’s disregard for its customers’ trust.
So far, no statement from Google on this issue has been made. As the legal proceedings continue, it’s uncertain what the fate of Fitbit will be, or whether it will be allowed to continue transferring data. Nevertheless, this case has highlighted the need for Google to be more transparent with its data transfer policies.