Fitbit Google Health Data Merger: Health Wearable Data Absorbed into Ad Empire

Google's $2.1 billion acquisition of Fitbit raised significant concerns about the combination of detailed health and fitness data with Google's advertising infrastructure. Despite promises to EU regulators that Fitbit health data would not be used for advertising for at least 10 years, privacy advocates questioned the enforceability and scope of these commitments. Fitbit collects intimate health data including heart rate, sleep patterns, menstrual cycle tracking, stress levels, blood oxygen levels, and activity metrics for over 30 million active users. Critics argued that even without directly using health data for ads, Google could use Fitbit data to improve its understanding of user behavior and enhance ad targeting indirectly. The acquisition also meant Fitbit users' health data became subject to Google's privacy practices and data handling, which many Fitbit users had specifically avoided by choosing Fitbit over Google products. Users who wanted to continue using their Fitbit devices were eventually required to migrate to Google accounts, eliminating the data separation that originally existed.

The ramifications of this incident extend beyond the immediate data exposure. Privacy regulators in multiple jurisdictions have opened investigations, and affected individuals are organizing collective action to demand accountability and meaningful remediation. The case highlights systemic weaknesses in how organizations handle personal data and the gap between corporate privacy promises and operational reality.

For impacted individuals, immediate action is critical. Filing a data subject access request forces the company to disclose exactly what data they hold about you, providing the foundation for deletion requests, regulatory complaints, and potential legal action. Below, we outline the specific data types at risk and the concrete steps you can take to protect yourself.