Google’s $2.1 billion purchase of Fitbit will, if nothing else, be an excellent test case for California’s new consumer data privacy law, which takes effect in January. The California Consumer Privacy Act (CCPA) requires companies above a certain size let their customers know what kind of personal data is being collected and what it’s being used for, and gives individuals a level of control over the collection and use of their data.
The activity, location and health data collected by Fitbit devices is highly personal. It’s also highly valuable to Google’s business model. Which is about collecting, cross referencing and publishing data. Fitbit collects a flood of data from its users, and Google will be sorely tempted to mash it up with geo-referencing, email, search history and every other kind of data it has.
Most users probably won’t care, and will probably see a benefit from the kind of cross referencing Google might do – correlating heart rates to real time air quality data, for example.
But some users won’t like that at all. If Google is transparent about what it’s doing, and figures out a user-friendly process and interface to implement the procedures that CCPA mandates, users should have the knowledge and tools to control who else, if anyone, profits from their data.
That’s a big if, though. The functionality of fitness and activity trackers depends on the ability to transfer the data collected from the device to a platform that can store the data and perform value added analysis. If it’s done well, adding external data will increase the value of the analysis, but it also means commingling data sources, often in a complex way. Users have to understand that interplay in order to give (or withhold) informed consent. Figuring out how to do that with health and fitness data is about as hard as the problem gets.