Tech giant Google has sought to allay privacy fears now it has completed the acquisition of health and fitness smartwatch maker Fitbit.
“This deal has always been about devices, not data, and we’ve been clear since the beginning that we will protect Fitbit users’ privacy,” said Rick Osterloh, Google’s senior vice-president for devices and services, in a blog on the company’s website.
“We worked with global regulators on an approach which safeguards consumers’ privacy expectations, including a series of binding commitments that confirm Fitbit users’ health and wellness data won’t be used for Google ads and this data will be separated from other Google ads data.”
The European Commission approved the acquisition in December following concerns that it would be anti competitive and harmful to privacy. Google made a number of specific commitments, which will be monitored by a trustee (see below)
“We’ll maintain access to Android APIs [Application Programming Interfaces] that enable devices like fitness trackers and smart watches to interoperate with Android smartphones,” said Mr Osterlogh
“We’ll continue to allow Fitbit users to choose to connect to third-party services so you’ll still be able to sync your favourite health and fitness apps to your Fitbit account.”
He said the commitments will be implemented globally so all consumers can benefit, adding: “We’ll also continue to work with regulators around the world so that they can be assured that we are living up to these commitments.”
In an online letter to customers, Fitbit’s co-founder, CEO and president James Park, wrote: “The trust of our users will continue to be paramount, and we will maintain strong data privacy and security protections, giving you control of your data and staying transparent about what we collect and why.” He also reiterated Google’s privacy pledges.
- Google will not use for Google Ads the health and wellness data collected from wrist-worn wearable devices and other Fitbit devices of users in the EEA, including search advertising, display advertising, and advertising intermediation products. This refers also to data collected via sensors (including GPS) as well as manually inserted data.
- Google will maintain a technical separation of the relevant Fitbit’s user data. The data will be stored in a “data silo” which will be separate from any other Google data that is used for advertising.
- Google will ensure that European Economic Area (‘EEA’) users will have an effective choice to grant or deny the use of health and wellness data stored in their Google Account or Fitbit Account by other Google services (such as Google Search, Google Maps, Google Assistant, and YouTube).
Web API Access Commitment:
- Google will maintain access to users’ health and fitness data to software applications through the Fitbit Web API, without charging for access and subject to user consent.
Android APIs Commitment:
- Google will continue to license for free to Android original equipment manufacturers (OEMs) those public APIs covering all current core functionalities that wrist-worn devices need to interoperate with an Android smartphone. Such core functionalities include but are not limited to, connecting via Bluetooth to an Android smartphone, accessing the smartphone’s camera or its GPS. To ensure that this commitment is future-proof, any improvements of those functionalities and relevant updates are also covered.
- It is not possible for Google to circumvent the Android API commitment by duplicating the core interoperability APIs outside the Android Open Source Project (AOSP). This is because, according to the commitments, Google has to keep the functionalities afforded by the core interoperability APIs, including any improvements related to the functionalities, in open-source code in the future. Any improvements to the functionalities of these core interoperability APIs (including if ever they were made available to Fitbit via a private API) also need to be developed in AOSP and offered in open-source code to Fitbit’s competitors.
- To ensure that wearable device OEMs have also access to future functionalities, Google will grant these OEMs access to all Android APIs that it will make available to Android smartphone app developers including those APIs that are part of Google Mobile Services (GMS), a collection of proprietary Google apps that is not a part of the Android Open Source Project.
- Google also will not circumvent the Android API commitment by degrading users experience with third party wrist-worn devices through the display of warnings, error messages or permission requests in a discriminatory way or by imposing on wrist-worn devices OEMs discriminatory conditions on the access of their companion app to the Google Play Store.