GDPR Concerns For Google And Fitbit

Following the acquisition of Fitbit by Google in November 2019, the search engine supremo has faced questions over how it will protect user’s private healthcare data, as it embarks on its journey into the health and social care sector.

The European Data Protection Board (EDPB) has ordered Google to conduct a “full assessment of the data protection requirements and privacy implications” following the acquisition. These concerns were raised due to a merger of obligations under the rules of GDPR.

The EDPB said:

“Following the announcement of Google LLC’s intention to acquire Fitbit, the EDPB adopted a statement highlighting that the possible further combination and accumulation of sensitive personal data regarding people in Europe by a major tech company could entail a high level of risk to privacy and data protection.”

The woes don’t end there for Google. Following the acquisition and the questions around what will happen to Fitbit’s sensitive health data, the Information Commissioner’s Office (ICO) and the US Department of Justice are keeping a close eye on the situation, and looking into privacy concerns that surround the deal.

An ICO spokesperson said:

“We are aware of Google’s acquisition of Fitbit and we are considering the potential impact on the privacy rights of UK users.”

Google has faced privacy concerns before, when they received the highest GDPR fine to date of €50million by the CNIL (French equivalent of the ICO), following a data breach.