Multiple fitness trackers are being accused of violating European law

Some of the biggest fitness trackers around could be in for a major headache in Europe.

Fitbit, Jawbone, Garmin, and Mio have all been accused of violating European privacy and consumer laws over how they handle users’ data.

They’re being accused by the Norweigian Consumer Council, which is reporting them to Norwegian Data Protection Authoritiy and the Consumer Ombudsman.

The council has four key concerns about the companies, their terms and conditons, and how they treat users’ data.

These are:

  • “None of the companies will give users proper notice about changes in their terms.
  • “All of the wristbands collect more data than what is necessary to provide the service.
  • “None of the companies fully explain who they may share user data with.
  • “None of the companies state how long they will retain user data.”

The report warns that users of fitness trackers risk “giving up personal information about our health, activities, and location under asymmetrical and obscure terms,” and that the Council “fear[s] that this information can be exploited for direct marketing and price-discrimination purposes.”

Reached for comment, a Jawbone spokesperson said the company is “currently reviewing the report from the NCC.” Fitbit, meanwhile, said it “share[s] the Norwegian Consumer Council’s commitment to protecting consumer privacy, and we look forward to working with them and regulators to continue to ensure strong privacy practices are in place.”

Mio and Garmin did not immediately respond to requests for comment.

Data law can be a recurrent issue for tech companies operating in Europe. Regulators on the Continent can take a stricter approach to privacy issues in the US. And last year Europe’s top court struck down Safe Harbour, a mechanism for legalising the transfer of user data between the US and the EU, causing chaos for the thousands of companies that relied on it.

Here’s the full comment from Jawbone:

“We are currently reviewing the report from the NCC.

“We want to reassure our users and let them know that we only share their data if they ask us to – for example to integrate with a 3rd party app. We are custodians of the user’s data. We collect it, analyse it, and present it back to the user with meaning. The user may give us permission to share that data. They can download their data and take it somewhere else. And they can ask us to delete it (which we will do).”

And here’s the full FitBit statement:

“We share the Norwegian Consumer Council’s commitment to protecting consumer privacy, and we look forward to working with them and regulators to continue to ensure strong privacy practices are in place.

“As the leader in connected health and fitness, Fitbit is committed to protecting the privacy of our users’ data and the trust of our customers is paramount. It has always been our policy not to sell user data; we have never sold personal data and we do not share personal data unless a user specifically directs us to do so, or under the limited exceptions described in our privacy policy, Furthermore, Fitbit tries to employ clear, non-legalese language in our policies so our users understand what data we collect and how we use it, and we continually look for ways to improve our written policies.

“We also wanted to note that on September 29, 2016, Fitbit submitted its self-certification of adherence to the new Privacy Shield Framework. Fitbit’s rapid adoption of the new Privacy Shield regulations affirms our ongoing commitment to data security for our customers.”

Here’s a link to the full report »

NOW WATCH: How the ‘perfect body’ for men has changed over the last 150 years

NOW WATCH: Tech Insider videos

Want to read a more in-depth view on the trends influencing Australian business and the global economy? BI / Research is designed to help executives and industry leaders understand the major challenges and opportunities for industry, technology, strategy and the economy in the future. Sign up for free at