Google pushes further into health care with Fitbit, raising new privacy concerns

The search giant has faced blowback for its health care projects in the past.

Richard Nieva Former senior reporter
Richard Nieva was a senior reporter for CNET News, focusing on Google and Yahoo. He previously worked for PandoDaily and Fortune Magazine, and his writing has appeared in The New York Times, on CNNMoney.com and on CJR.org.
Richard Nieva
4 min read

Google announced it will buy Fitbit. 

Stephen Shankland/CNET

Google's $2.1 billion purchase of Fitbit signals that the search giant is intent on burrowing deeper into our lives, giving it access to some of our most personal health information. If the company's earlier efforts in health care are any indication, Fitbit owners may want to consider where that information might end up.

Over the past three years, Google's experiments in using artificial intelligence and medical data have resulted in government complaints and lawsuits because critics say patient privacy wasn't protected. In one case, Google was provided with identifiable patient information that included doctors' notes and date stamps.

Google didn't respond to a request for comment.

Google's push into health care comes as lawmakers and consumers increasingly express concerns about the amount of personal information big tech companies collect about users, much of which is used to target ads. On Friday, when it unveiled the deal, Google pledged that Fitbit's health and wellness data won't be used for its massive ad business. 

Still, analysts say Google's relationship with Fitbit, the most popular step counter on the market, could be even more invasive. Health data could factor into other projects. For example, it could be used for medical apps or deepen the company's relationships with health insurance providers, said Carolina Milanesi, an analyst at Creative Strategies. 

"The data doesn't have to be for advertising," she said. "When it comes to health, there's a hell of a lot of money to be made over services." That could include health insurance tie-ins or broader medical apps, Milanesi said. For example, the company could follow Apple's lead. The iPhone maker has a deal with insurance company Aetna that would let people earn points to subsidize the cost of an Apple Watch .

Google tried to downplay concerns, saying Fitbit would slot into its growing consumer device business, which includes its flagship Pixel 4 phone, Nest Mini smart speaker and mesh Wi-Fi router.

The search giant also knew privacy issues would be top of mind and tried to pacify any concerns. "Similar to our other products, with wearables, we will be transparent about the data we collect and why," Rick Osterloh, Google's hardware chief, said in a blog post. "We will never sell personal information to anyone."

Founded in 2007, Fitbit is a pioneer in wearable tech . It helped usher in the age of step counters. Though the company has struggled financially, Fitbit still had a market share of 10.1% in the second quarter of 2019, shipping 3.5 million devices, according to IDC's latest wearables report. Fitbit is also seeking FDA clearance on sleep and heart rate measurements.   

Google and Alphabet, its parent company, already have a robust operation around medical research. Alphabet's health tech arm, called Verily, has developed its own wearables, including a smart contact lens for people with age-related farsightedness and a sensor-packed watch to collect data for clinical studies. Another Alphabet company, Calico, is trying to expand the length of the average human life span. 

But Google has faced blowback for other health care projects that involved sensitive, personal information about patients. Two years ago, Google, the University of Chicago and an affiliated medical center struck a partnership that allowed the search giant to use patient data and health records in an attempt to improve predictive analysis. But in July, the search giant, the university and the medical center were hit with a lawsuit after the medical center allegedly shared records with Google without stripping away identifiable information. That data included doctors' notes and date stamps for "hundreds of thousands" of patients. At the time, Google said it acted in accordance with the law. The University of Chicago said the claims were "without merit."

The incident in Chicago wasn't isolated. Deepmind, a Google artificial intelligence unit in the UK, got into hot water for the way it used data obtained through partnerships with hospitals. In 2016, Deepmind unveiled a pact with the Royal Free Hospital in London to build an app that would identify patients with acute kidney damage. But not every patient was aware that his or her data was being given to Google to test the app. 

Fiona Caldicott, National Data Guardian at the UK's Department of Health, called the project legally "inappropriate," according to The Guardian

The search giant is already facing trust issues when it comes to data and privacy. Google CEO Sundar Pichai in May published an op-ed in The New York Times called "Privacy Should Not Be a Luxury Good." In the article, Pichai vows that the company will try to do more with less data. 

When it comes to health data, those concerns are amplified -- especially if that information is carelessly shared with third parties, breached or exploited. Google will have to convince Fitbit consumers that it's up to the task of protecting their most sensitive information.

"Privacy breaches in the hands of the wrong people are devastating," said Brian Solis, an author and analyst who's written about how data is changing traditional industries. "In this case, it's terribly personal data."