The European Information Safety Board (EDPB) has intervened to lift considerations about Google’s plan to scoop up the well being and exercise information of hundreds of thousands of Fitbit customers — at a time when the corporate is underneath intense scrutiny over how extensively it tracks folks on-line and for antitrust concerns.
Google confirmed its plan to accumulate Fitbit final November, saying it could pay $7.35 per share for the wearable maker in an all-cash deal that valued Fitbit, and due to this fact the exercise, well being, sleep and placement information it may possibly maintain on its greater than 28M lively customers, at ~$2.1 billion.
Regulators are within the technique of contemplating whether or not to permit the tech large to gobble up all this information.
Google, in the meantime, is within the technique of dialling up its designs on the health space.
In an announcement issued after a plenary assembly this week the physique that advises the European Commission on the applying of EU information safety legislation highlights the privateness implications of the deliberate merger, writing: “There are considerations that the attainable additional mixture and accumulation of delicate private information relating to folks in Europe by a serious tech firm may entail a excessive degree of threat to the elemental rights to privateness and to the safety of private information.”
Simply this month the Irish Information Safety Fee (DPC) opened a proper investigation into Google’s processing of individuals’s location information — lastly performing on GDPR complaints filed by client rights teams as early as November 2018 which argue the tech large makes use of misleading techniques to govern customers with a purpose to preserve monitoring them for ad-targeting functions.
We’ve reached out to the Irish DPC — which is the lead privateness regulator for Google within the EU — to ask if it shares the EDPB’s considerations.
The latter’s assertion goes on to reiterate the significance for EU regulators to asses what it describes because the “longer-term implications for the safety of financial, information safety and client rights at any time when a big merger is proposed”.
It additionally says it intends to stay “vigilant on this and related instances sooner or later”.
The EDPB features a reminder that Google and Fitbit have obligations underneath Europe’s Basic Information Safety Regulation to conduct a “full evaluation of the information safety necessities and privateness implications of the merger” — and achieve this in a clear manner, underneath the regulation’s precept of accountability.
“The EDPB urges the events to mitigate the attainable dangers of the merger to the rights to privateness and information safety earlier than notifying the merger to the European Fee,” it additionally writes.
We reached out to Google for remark however on the time of writing it had not supplied a response nor responded to a query asking what commitments it is going to be making to Fitbit customers relating to the privateness of their information.
Fitbit has previously claimed that customers’ “well being and wellness information won’t be used for Google adverts”.
Nonetheless large tech has a historical past of subsequently steamrollering founder claims that ‘nothing will change’. (See, for e.g.: Facebook’s WhatsApp U-turn on data-linking.)
“The EDPB will think about the implications that this merger might have for the safety of private information within the European Financial Space and stands able to contribute its recommendation on the proposed merger to the Fee in that case requested,” the advisory physique provides.
We’ve additionally reached out to the European Fee’s competitors unit for a response to the EDPB’s assertion.