There are already insurers which offer incentives to employees who exercise as tracked by their smartwatch. Vitality UK does this [1].
On the face of it, this doesn't seem terrible. It encourages people to stay active. So far it seems to be limited to an airmiles-type scheme where you can get bonuses like Amazon Prime for free if you meet certain fitness targets. With Vitality you would need 5.3 points a day (160/month) - you get 5 points for 10k steps so you actually have to exceed that every day.
The problem with these systems is that the incentives are poor relative to the amount of effort you need to put in. Amazon Prime is nice, but it's valuing you exercising daily at around £8/month. If you can afford Vitality in the UK, either you're already well-off or you work for a company which can afford it. Why not offer free fitness club membership if you go regularly?
The other issue is that tracking workouts sometimes fails, and you lose your bonus. That sucks and it's an easy way to lose people who can't be bothered to put in extra effort to make up for it (for the sake of £8, for example).
Probably we'll go to the automotive model (black box trackers). Some insurers will offer lower premiums to people who can demonstrate they're healthy, others might refuse people who don't submit their data, and others will charge a bit extra, but not require it.
Be careful viewing this with a US lens. In Europe even in countries like Switzerland where you need private "public" health insurance there are strict minimum requirements. Insurers can't refuse you for pre-existing conditions, there are mandatory caps on premiums/deductibles and certain expensive treatments like cancer therapy must be included. Most people don't need health insurance because it's provided through the state.
Of course this is terrible. Adults are being increasingly ordered around by devices and get grades from Google, insurers, banks and probably the government if things continue in this manner.
The industry in Europe pushes for adults being treated like schoolchildren. In Germany the polite form "Sie" (you) is universally replaced by "du" (thou), which formerly was reserved for children and friends.
Websites are infantilising people with their cuddly pre-school logos and childlike names.
I don't see it, "adults being treated like schoolchildren" seems melodramatic when it could just as easily be called precision insurance. Why should the customers who go out of their way to maintain a healthy lifestyle have to pay the same rate as the ones who just watch streams and game all day?
I see this as a feature on some level. I know it sounds bad "google will have access to your fitness records and will sell to insurers that'll affect your premiums/approval, etc etc". But I would argue that our "insurance" models need to be brought in line with an all-data-is-logged world so that we can solve some of the issues.
Maybe we as a society want to rather "subsidize" or "protect" unhealthy individuals by giving them money for higher premium insurance rather than hiding the actual cost of their healthcare by making it illegal for insurance companies to deny them based on their unhealthiness. To me that seems like a better, more explicit and transparent model that doesn't rely on physical reality being "hidden" from the people determining the cost of your insurance, even though we all know that unhealthy people cost more to insure because they have more health issues.
In modern markets, prices are overwhelmingly determined by demand rather than cost.
People with more problems pay more to get insurance because they cannot afford not to. Insurance companies are not run at-cost.
By giving them more excuses to scrutinize your lifestyle, you are just exposing yourself to the risk of them, one day, objecting to anything in it to raise prices on something you cannot afford not to pay.
I just moved into a new house where the previous owner left behind (installed) a bunch of Nest Protect smoke alarms. I looked into putting them on my own account, but found two really lame issues:
1) They don't support GSuite accounts, and Google Home doesn't support linking other accounts when your main account is a GSuite account, and
2) They've shut down all API access to them (people still on old Nest accounts are grandfathered in... for now), so even if I did manage to set it up on a separate non-GSuite Google account, I wouldn't be able to monitor them with openHAB.
I do like them, especially how it warns vocally shortly before it's about to go off, so I can preemptively temp-disable it before it deafens everyone just because I'm cooking and forgot to turn the hood fan on. And the motion-activated nightlight is perfect (there's one in my bedroom right near the entrance to the bathroom). But Google's product support strategy here really makes me uncomfortable, so I'll probably end up replacing them.
"We've been clear from the beginning that we will not use Fitbit health and wellness data for Google ads."
The above statement from Google only refers to a specific subset of data that Fitbit collects: "health and wellness data". Moreover, it only refers to a single limitation: use for Google ads. Any non-health and wellness data can be used for any purpose. Any health and wellness data can be used for any purpose except Google ads.
Consider an alternative statement such as: "We will only collect and use data for the purposes of providing the services, i.e., health and wellness services." This eliminates the loopholes.
From Fitbit's current privacy policy, below is a list of the Fitbit data. As one can see, most of this data is arguably not "health and wellness data".
When viewed in isolation, some of this data might seem routine and innocuous. However when combined with all the personal data Google has collected and obtained from other sources, including other Google devices or services a person might be using, the Fitbit data could be quite useful in profiling users.
Of course, in the future Google Fitbit could collect more data than what is listed here. It depends on what Google chooses to do with the devices and the services going forward.
1. Account data
(required:) name, email address, password, date of birth, gender, height, weight, and in some cases mobile telephone number.
(optional:) profile photo, biography, country information, and community username.
2. Additional data
(optional:) logs for food, weight, sleep, water, or female health tracking;
(optional:) an alarm;
(optional:) messages on discussion boards or to your friends on the Services.
friends' email addresses, friends' social networking accounts, contacts in the contact list on person's mobile device.
(in the case of a survey, contest, or promotion:) name, contact information, and message.
3. Payment and card data
(for certain devices:) name, credit, debit or other card number, card expiration date, and CVV code.
a token containing the last four digits of your card number and your card issuer's name and contact information
(for purchases of Fitbit merchandise via their website:) shipping address
4. Live coaching data
(if the person uses live coaching:) the plan, goals, and actions the person records with the coach, calendar events, communications with the coach, notes the coach records about the person, and other information submitted by the person or the coach.
5. Device data
number of steps taken, distance traveled, calories burned, weight, heart rate, sleep stages, active minutes, and location.
6. Geolocation data
precise geolocation data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. approximate location from your IP address.
7. Usage data
usage or network activity information, for example, when the person views or searches content, installs applications or software, creates or logs into account, pairs device to account, or opens or interacts with an application on the Fitbit device.
data about the devices and computers the person uses, including IP addresses, browser type, language, operating system, Fitbit or mobile device information, device and application identifiers, referring web page, pages visited, location (if settings allow), and cookie information.
8. Data from 3rd parties
(if person connects FitBit account to an account on another service, e.g., Facebook or Google:) name, profile picture, age range, language, email address, and friend list.
(optional:) exercise or activity data from another service.
(in the case of employers and insurance companies that offer Fitbit Services to their employees and customers:) name, email address, or similar information (like a telephone number or subscriber ID)
Presumably Google and/or Fitbit operating within the European Union depends on compliance with European law. So choosing to disregard the EU's decision on the matter could blow apart a large part of an international business.
My guess is Google/Fitbit could only proceed without the EU's approval if Fitbit stopped operating in Europe and deleted all Europeans' data.
Arguably: All European customers who bought a Fitbit are likely screwed anyways, Google has a poor history with supporting acquired product lines. While I am irritated about my data being acquired, personally, I'd also recommend against anyone buying a Fitbit while this acquisition is in flux, as Google might choose to terminate service to devices shortly post-acquisition anyways. And privacy loss is a harm as well.
In short, this acquisition is already harming everyone, and the EU is trying to prevent the most consumer harm.
We have no idea what Google's endgame for Fitbit is. Keep Fitbit OS or shove Android Wear on the brand? Focus on the Fitbit app or push everyone to Google Health?
Without knowing this, there's no safe bet in buying a Fitbit right now.
Anything the size of Google is actually a collection of multiple (probably hundreds) of separate legal entities in each country it has significant operations (e.g. a sales office) - all of these will be ultimately owned by whatever the top level listed company is (presumably Alphabet). So Google almost certainly has companies in most of the countries of the EU.
It's pretty common for international companies to need approvals by multiple governments for mergers. For example, when German Bayer bought Monsanto, a US company, the Chinese government had to approve it.
"American Companies" is a pretty arbitrary measure these days - both domestic and abroad corporations are gone after by threatening (and carrying out depending on the judgement) to restrict domestic business and seize domestic assets. The US doesn't really have legal standing to seize assets of Google in their London offices (though the UK may be happy to run an assist) and the EC can't seize property in Mountain View - but Google is international and has assets in most countries that can be seized - for them the bigger threat is probably a restriction of business if google search were to be banned in the eurozone[1] then there would likely be a reverse network effect that led to a loss of traffic globally - it wouldn't be unlikely for a lot of browsers to pull google from being a default search engine.
So, the EC has teeth they can use to enforce here - but more importantly google also wants to minimize how much they piss people off. Hence a PR stance of "Hey, we're sorry you feel that way - is there anything we can do to make this go away faster?"
1. I'm not saying this is likely or makes any sense for this particular probe.
Both Google and Fitbit have major EU subsidiaries in order to serve the European market. They could spin off the EU subsidiaries and merge only the US headquarters, although that would probably be impractical.
Google Ads policy: "“Google Entity” means Google LLC (formerly known as Google Inc.), Google Ireland Limited or any other Affiliate of Google LLC"
Fitbit Privacy Policy: "Fitbit International Limited, an Irish company, is your data controller and provides the Services if you live in the EEA, UK or Switzerland"
Intriguingly, it appears TikTok is doing just this to deal with the US government. Selling their US business but having a presence there, managed by a different company, has apparently been seen as a worthwhile option. But yeah, there's a lot of potential issues, especially if said divestments/spinoffs are really only such on paper. Too much coordination and the government still may be upset about it.
I moved off of Fitbit when the deal was announced. The volume of data Google collects on users is terrifying. Glad to see this is getting looked at with more scrutiny.
Technically it could be possible to just add Fitbit device support to apps like Gadgetbridge (https://gadgetbridge.org/), bypassing the biggest violation of privacy that are the current OEM companion apps, and thus be able to keep using the hardware you paid money for.
Genuinely curious, what personal consequences do you see for yourself due to Google acquiring Fitbit that would prompt you to avoid their devices? While I can understand the sentiment, this seems unnecessarily paranoid.
I am usually not worried about my personal privacy but the power that aggregated data gives to a company.
If they wanted, they could create or destroy businesses based on the data they have. Let's say they want to create a competitor to a small pop-corn stand. They could see the profiles of all people who go to that existing stand and make it look like something they wanted (eg. based on their YouTube history). They could check the paths they take daily, or the route they take to that stand and put their own in a better spot (eg. based on location history). They could only open the stand or promote it when people are really craving, for example after work or after a gym workout (eg. from the Fitbit data).
You get the point, the idea is that once you have all those insights into a mass of people, you can easily control them into buying your product or doing what you want them to do, while they think it's their idea to do that.
In general, people are very easy to influence. If I just mention the words "FIFA 20 on PS4", you are very likely to have all those thoughts about gaming and maybe actually want to start playing FIFA, even though before you had absolutely no intent to do so.
Data breaches are very common. While you, as a consumer, usually can’t make informed decisions about which companies will leak your confidential data, the easiest way to control the damage is to make sure one company doesn’t have too much of your data. This lessens the impact of an inevitable data breach.
Whether anything here constitutes misuse is a matter of both personal opinion (yours being very well known of course given your thoughts and comments about Google) as well as various laws but that doesn't make any of it a universally accepted truth or standard.
In my case I'm much more worried about security than privacy, and far more willing to trade off the privacy (more targeted ads) for the increased security - Google's infrastructure is way more likely to be properly secured vs. Joe Random wearables startup, or even Garmin, as a recent example...
Security also depends on your threat model: Who are you worried about accessing your data. (Privacy and security are actually two sides of the same coin.) You do not want hackers accessing your data, because they do bad things with it. I also don't want Google accessing my data, because they do bad things with it. Google uses data to harm competitors (of which I am not, thankfully) and people who speak ill of them[0] (which... yeah) so I should probably be pretty concerned about them knowing much about me.
The temporary removal of that app (it's back now) had nothing to do with retaliation. I have a hard time believing that Google leadership would be that stupid.
Obviously, Google isn't going to admit that it did it out of retaliation, but an app doesn't get dropped for having "similarities to another mail app" after six years, two days after it's known they're speaking to Congress about Google's antitrust abuses. That takes an incredible stretch of the imagination.
Yep, totally. I am fine with concentrating my risk on a big company with a huge target on its back (Google, Apple, Microsoft, Amazon) but with enough money (and enough profit to protect) that they can correspondingly afford to compete effectively in the security arms race.
There are economies of scale to security just like with anything else.
OCD trekkie, I don’t doubt that you have worked assiduously to remove your data from Google, but I am genuinely curious what actual harm you are trying to avoid here.
It’s just another brick in the wall. Google owns products that have visibility into your: email, search history, home, likeness, location, voice, credit, health, DNA (through Calico), and more.
They might not use it maliciously today, but they could create a pretty good clone given the details of your life they have collected and continue to collect.
> They might not use it maliciously today, but they could create a pretty good clone given the details of your life they have collected and continue to collect.
I want to ask the inverse of this question. What can Google do to make you comfortable with their services while still being primarily an advertising company?
Some ideas I can think of:
1. Delete your data once it is no longer relevant for advertising (I think they already offer an option to delete data after some time)
2. Not sell any data to third party, and make strong claims about this that can be legally challenged.
3. Keep data encrypted so that data breaches or even malicious actors within the company can not access the data.
4. Anonymize user data so that a business who acquired a customer won’t know why a {name, shipping address, product, price, credit card, email} was targeted for this advertisement and was successfully converted to a sale through that advertisement.
5. Not offer suggestions/data/feedback to advertisers on how to exploit vulnerable target audiences (Example: help Casinos target gambling addicts 5% more efficiently by doing X,Y,Z changes)
6. Build a track record of legal challenges and pushback against governments to show that when they claim that data is deleted, it really is deleted.
I am not sure how many of these Google already has done - but if they are doing any/all of this, they aren’t being loud enough about it. If one has to read through 200 pages of terms and conditions to determine what they do, people will just assume the worst and be paranoid.
I would argue that being an advertising company makes it inherently incompatible with privacy and trust. The motivation to encourage users to buy certain products over others means there is constant monetary incentive to abuse consumers. Ironically, Larry Page and Sergey Brin believed that too: http://infolab.stanford.edu/~backrub/google.html (Appendix A)
It's a shame you're being downvoted on this point. I absolutely agree with you and think you're absolutely right. Modern digital advertising is absolutely incompatible with privacy and trust.
The entire point of advertising is to emotionally manipulate people into making purchases. Targeted advertising requires gathering and abusing data about people.
Great comment! On one hand, they have so much market power it’s hard for me to ever be “comfortable” with how much data they control. On the other hand, a proactive rollout of GDPR guidelines in the US would be a great start.
It's not superior, it's just a different type of data.
With Fitbit you also get heart rate, active times (gym, sports), combined with the optional phone-enabled location you can know person X goes to gym Y twice per week and spends 1 hour doing HIIT. You can also get data such as sleeping hours, sleep patterns, at what floor a person lives or works (if he climbs the stairs).
Can they probe why this takeover hasn't resulted in a decent Google-branded smartwatch yet? I'd really love a competitor to the Apple watch for Android, but there isn't anything that really comes close.
As much as I am 100% skeptical of any Google acquisition (either they screw it up, neglect it, or shut it down), I was at least hoping that the Fitbit app would finally get Google Fit integration.
It’s actually fairly straightforward for this kind of thing.
What it’s saying is that Google would desperately love to use the US’ anti-trust standard of concentrated market power being a-OK as long as consumers aren’t obviously being hurt right that second rather than the (better) European standard of considering the prospects of competitors and potential competitors as well.
Competitors such as Apple, Samsung, Garmin, Coros, and Suunto are doing fine with wearable fitness tracker devices. Fitbit was on a path to failure when Google bought them. The industry was due for a shakeout and consolidation as the technology matured.
But is the dynamic of Google buying up products and making them free or cheaper by subsidizing from search ads (with the goal of making search ads more profitable with additional data from free product) healthy for the market?
Especially when it is personal health data now at risk of being used to subsidize ads?
Advertising is already creepy enough trying to determine when, for instance, someone is pregnant via related purchases (and sometimes guessing correctly ahead of the person's own knowledge, per famous anecdata), just imagine how much more creepy it can get when it is data being sold to advertisers from your own wrist?
hmm, so it is time to clean all these specks off the monitor again - if it were done before I would have noticed the error.
on edit: although, really, bad grammar is important to corporate doublespeak as it lends an element of plausible deniability when you get called in front of committee.
"I'm happy that the IRS has selected me for audit. I am eager to assist them in their efforts to evaluate whether I have committed a wrongdoing. I love spending money on lawyers."
Don't waste too much time expecting consistency or even coherence on this thread. HN collectively loses 30 IQ points when commenting on any post about Google.
Yea, I may complain about HN's commentariat here and there, but it really is one of the higher-quality fora out there.
But for some reason, it's especially susceptible to specific triggering topics that cause complete forfeiture of critical thinking ability and intellectual honesty among a big chunk of the commenters (and voters).
There are plenty of valid criticisms of Google, but criticism is worthless if it isn't based in at least an attempt at intellectual honesty.
It is the "we appreciate" part that is disingenuous. The honest answer would be more along the lines of "We have done nothing wrong and are confident that any investigation will exonerate us of wrongdoing." That's the sort of thing a defendant's lawyer says on the courthouse steps.
That's communicating something different from what they intend. Your statement implies a default position of combativeness, while theirs states that they're open to some degree of regulation:
> on an approach that addresses consumers' expectations of their wearable devices
I agree, it's very much a work that is done together. If EU considers the deal hurt competition, then Google might still be able to buy Fitbit if they take measures that ensure competition is still healthy, so very good if one admits to that and are eager to find a way forward rather than the classic Uber-response "Everyone but us are stupid, it's our way or the highway"
Just some food for thought: Apple Watch captures heart data. As per local regulators, it cannot warn about certain conditions if their device/analysis wasn't cleared.
But it doesn't mean they don't have the corresponding data.
Edit: as per comments, Apple Watch data is encrypted. But Fitbit data isn't.
It seems that by default it's synced through iCloud: https://support.apple.com/HT204351 They say it's 'end-to-end encryption', but I don't see how that's possible?
The data is encrypted and requires an on-device key to unlock it, Apple doesn't have the key[0]. If you lose a device, the data can also be decrypted via a device's passcode + 2FA. (Or, alternatively, without 2FA, you make up another key that is needed to access the data)[1]
If they can decrypt the data if you lose the device, it by definition does not require an on-device only key. That is, Apple do have the key outside the device.
I did an interview with the FitBit reps at the last CES. And what they described to me was truly Orwellian. The company's big push is in the B2B offerings, all based on constant monitoring and the big data. Health insurance? Put FitBit on to monitor employees exercise levels and activities. Workplace safety? Put FitBit on. Heart rate data and arrhythmias? They already monitor and they are working on more. They even have a sleep score monitoring. And so on, and so forth...
From our writeup: "So what are the benefits for companies and insurance firms? Fitbit Health Solutions (FHS) provides a platform that offers insights and guidance to make employees healthier. But the benefits go beyond health. The FHS platform can improve productivity, reduce on-job stress and accidents, detect causes of absenteeism, and improve job participation.
The company has already released a premium membership subscription for enterprises and customers, especially since the release of its Versa 2 watch."
Quote: "In response, the tech giant said it would cooperate with the process.
"We appreciate the opportunity to work with the European Commission on an approach that addresses consumers' expectations of their wearable devices," blogged Google's devices chief Rick Osterloh."
Let me translate that, for those who don't read between lines yet, as I am fluent in corporate BS lately due to a project I'm involved in. Here goes the translation:
"We're giving exactly zero f*s about your inquiry, and we will do 100% to actually BS you all the way to December, while making you look good in front of your European constituents. Also we'll definitely try to bribe anyone in your committee if, by mistake, they actually will try to do their job."
This is THE most problematic part.
I am trying to make people understand this match made in hell for the last 20 years and it has finally started to happen.
People will finally start to pay for their open sharing of their lifestyle and this is just the beginning.
Really, really bad.