Noyb, a Vienna-based digital rights group, has lodged complaints against Google’s Fitbit in three European countries – Austria, Netherlands and Italy. Fitbit is accused of breaching the EU’s General Data Protection Regulation (GDPR) privacy rules. The bone of contention is Fitbit’s policy of compelling users to consent to data transfers outside the EU without offering an option to retract this consent, which Noyb says violates GDPR requirements.
Fitbit’s portfolio includes watches that monitor activity, sleep, and heart rate, with a subscription service available from $9.99 a month. While these features may be impressive, Noyb’s data protection lawyer Bernardo Armentano raised concerns about Fitbit’s handling of sensitive health data. He expressed surprise at the company’s failure to explain its use of such data, a requirement under GDPR rules.
The implications for Fitbit could be severe considering GDPR violations can attract fines up to 4% of a firm’s global annual revenue. With Google’s annual revenue standing at $280 billion in 2022, it’s clear that Fitbit’s parent company could face significant financial fallout.