Since news broke that Google bought Fitbit for $2.1 billion, one of the big questions was how that massive treasure trove of Fitbit data would be handled. Everyone saw what happened with Nest. As a company, Nest and its data operated separately for a long while, but earlier this year, Nest users were told to migrate their accounts. Their data was now Google’s data. The prospect has reportedly led some current Fitbit users to mull alternative options, citing distrust that Google would keep its word that Fitbit users’ data would remain private. Concerned Fitbit users have good reason to be wary—but truth be told, Fitbit started exploring ways to make money with your data a long time ago.
To the average person, Fitbit is more or less known for its hardware. However, one of its lesser-known businesses is its Fitbit Health Solutions division. It peddles Fitbit Care, the company’s “enterprise health platform” that’s marketed toward employers, health plans, health systems, and researchers. In a nutshell, employers or health plans get a custom storefront that encourages employees to get discounted Fitbit trackers and smartwatches. During setup, the employees are then enrolled in the company’s wellness program—which includes a data analysis platform that “helps program administrators easily motivate employees and evaluate impact.” Among the engagement insights advertised, administrators can see continuous participation levels and engagement, the proportion of employees that meet, fail, or exceed a company or plan’s activity goals, trends, as well as group reporting on specific metrics like steps and active minutes. Individual and group level data are also available for export.
It’s a lot, and there’s a chance your company or health care provider has already vaguely floated the option to you in an email about benefits. John Hancock, one of the largest North American life insurers, announced in 2018 that it will only sell interactive policies that make use of wearables like Fitbit or Apple Watches. Customers who bought in could qualify for cheaper premiums and Amazon Prime memberships. Likewise, Blue Cross Blue Shield also launched an exclusive program with Fitbit last year that offered weekly deals and special offers on services, gym memberships, and other products. UnitedHealthcare also launched a program that slaps a Fitbit Charge 3 on your wrist with the potential to earn more than $1,000 a year in incentives if they met certain step goals. Rounding things out, when the company initially launched the Fitbit Inspire, it was reportedly only available through insurers (though you can now buy it directly from the site).
It’s not like Fitbit has tried to hide this part of its business. At press conferences and product launches, there’s always a brief section on how this part of its business is doing—and the numbers seemingly go up with each subsequent update. It’s just not headline-grabbing in quite the same way as a shiny new tracker or smartwatch.
As hardware sales began dipping amid rising competition and a shift away from basic trackers, this part of its business—the part that is fueled in part by the knowledge Fitbit has a mountain of actionable data—has only grown. Earlier this year, Fitbit CEO James Park said during an earnings call that he expected Fitbit’s “Health Solutions revenue growth to accelerate approximately $100 million and to grow non-device consumer revenue.” Park added that 6.8 million Fitbit users had plugged into the enterprise platform and that its devices were part of 42 Medicare Advantage programs in 27 states nationwide. Is Fitbit directly profiting off individual health data in this scenario? No. But it is, in a sense, selling a product based on the fact that it has access to a lot of people’s health data.
In the section on data retention, Fitbit says “We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Information and How Information Is Shared sections.” Does that include exercise data even after you delete your account? What data that falls under “use of the Services” constitutes legitimate business interests? What does “as long as necessary” even mean? Gizmodo reached out to Fitbit for further clarification, but did not immediately receive a response.
Perhaps underscoring all this is that the acquisition isn’t even the first data-related dealings between Fitbit and Google. In April last year, Fitbit announced the two companies were working together to develop “consumer and enterprise health solutions.” Basically, Fitbit was interested in Google’s Cloud Healthcare API to again, further Fitbit’s integration within the healthcare system by “connecting user data with electronic medical records.” As part of the effort, Fitbit moved onto the Google Cloud Platform, a move the company itself described as helping to “accelerate the Fitbit Health Solutions business and expand deeper into population health analysis.”
This is just a reminder that Fitbit views its data as a valuable source of revenue, and has been looking to leverage it for a long time. Google didn’t need to be in the picture for this to be a concern. Until there’s stricter privacy legislation on what tech companies can and can’t do with your health data, the safest option is never putting one on your wrist in the first place.
Update, 11/20/2019, 1:50 pm: Fitbit responded with the following statement regarding its corporate wellness plans.
The company also clarified that when you delete your account, it deletes Fitbit data associated with that account, including “any heart rate, exercise, sleep, or female health data.” However, it may take up to 90 days due to that information being stored on backup servers.