Fitbit Accused Of Unlawful Data Sharing Practices, Faces GDPR Complaints

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

The privacy group noyb has filed three different lawsuits over Fitbit’s unlawful data sharing practices. Fitbit is a popular health and fitness company that specializes in smart watches. They were purchased by Google in 2021.

The lawsuit outlines how Fitbit mishandles its customer’s data, making it a potential threat to users’ personal privacy. The suit claims that Fitbit forces its users to consent to data transfers outside of the UK, which is against the GDPR laws.

“European users are obliged to “agree to the transfer of their data to the United States and other countries with different data protection laws,” explains the noyb group.

The shared data includes a lot of personal information, including but not limited to full names, email addresses, data of birth, gender, messages to friends made with Fitbit, and your logs for health information like food, weight, exercise, etc.

Fitbit uses a “take it or leave it” approach to their user agreement. Rather than giving you any control over how your data is shared, Fitbit completely prohibits you from using your device unless you agree to have your data shared with foreign companies. As noyb points out, you can pay for a Fitbit and the subscription, only to find that you can’t use the product at all.

But as the lawsuit claims, even if there was a simple way to withdraw consent, it would still be in violation of GDPR, as they regularly send extremely personal health information and mass data transfers outside of the EU.

The lawsuits were filed in The Netherlands, Italy, and Austria near the end of August — if Google is found guilty, they’re looking at a potentially multi-billion dollar fine.

“The collected data can even be shared for processing with third-party companies of which we do not know where they are located,” noyb said.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."