Skip to Main Content

Google’s moves on your health data is raising concerns. What this means for you.

Do you track your health with a Fitbit or own a Fossil Smartwatch? Then you might have heard of the recent push by Alphabet, the IT company better known by the name of its Google search engine, into the health sector  – with potentially significant consequences for customer’s private health data. The authorities are taking notice.

Shareholders of Fitbit have just approved Google’s $2.1 billion acquisition of the smart device manufacturer — but the US Department of Justice has launched its review of the acquisition. The big question will be how Google will handle that detailed personal user data from Fitbit and if it might combine this with other data — similar to the way Google first acquired the DoubleClick ad company as a stand-alone venture and later used it to combine user data from their popular services such as Gmail and YouTube.

Google wants your #healthdata – and you don’t even have to be wearing a #Fitbit for them to get it – you just have to retire.


The acquisition made headlines late in 2019 as it catapulted Google into a prime position into the health portion of the IoT – and gave Fitbit stockholders a 30% premium. The Google move follows their earlier acquisition of $40 million of Fossil smartwatch technology. For Google, the move gives them more firepower and product to compete against Apple. It’s a known strategy – buy popular device, get a foothold in the market, get user data, grow the share and the product, use the data to roll out more services. And about that data, Google has assured people that it has their best interests in mind, stating that “Fitbit health and wellness data will not be used for Google ads.” Don’t you feel better now?

Here comes Project Nightingale for your data

If you could ignore Fitbit — or avoid purchasing any smart device for your hand or in your home – you simply cannot ignore Project Nightingale. With this, Google is secretly accumulating millions of patient records across 21 American states in a venture with Ascension, a Catholic health care provider. This fast evolving story even has a whistleblower, a secret video, and a voiceover stating “I must speak out about the things that are going on behind the scenes.”

Hot stuff. The story was broken by the Wall Street Journal , confirmed by the Washington Post. The Wall Street Journal reported that the data in this program includes “lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, complete with patient names and dates of birth.” This is private data right? Well, they also reported that as many as 150 Google employees might have had access to the data. And, the Washington Post also reported that some of these employees might have downloaded some of this data.

It’s all about your health data

Google is not stopping there either. Camille Nebeker,  a professor at the University of California San Diego medical school had Google interested in her paper on using artificial intelligence for healthy aging – and they’d like to test products outside of their earlier 15-to-35-year-old target market. “And now they just want to go out to the retirement communities and start collecting data from residents to figure out how they can pitch their product to that demographic,” said Nebeker in Bloomberg Law.

The obvious fear is that Google could cross-match data – putting together hospital data with its own user’s data and Google ID – to come up with some very explicit information on individual activities. A lesser problem is the fact is that Google and Ascension have done this deal – where the data has not been made anonymous by removing personal information – without letting either doctors or patients know about it. But the huge unsettling issue is the awareness that this is a large step in surveillance capitalism, with our data — that private information on our aches and pains — fueling yet another round of digital intrusions into our lives.

Is the deal too HIPPA?

The Health Insurance Portability and Accountability Act (HIPPA) is really the only US-wide rule for protecting private data collection. Health data is protected at a much higher level than that collected by a typical smartphone app — even for Californians covered by the new California Consumer Privacy Act. “If the company violated HIPAA, it’ll be a legal bloodbath,” tweeted security reporter Violet Blue. Both Ascension and Google have since scrambled to say that their agreement was securely handling patient data under current privacy and security standards including HIPPA.

Big tech (Google) is in the cross-hairs

As the technology leader, Google is running around with a huge target on its back. Even before this latest round of health news broke, they were under investigation from 50 American states for “potential monopolistic behavior” in relationship to competitors. Now, in just a week, they have gotten the top Democrat on the House Judiciary antitrust subcommittee pushing for a pause on the Fitbit acquisition and a separate federal inquiry underway over the Google partnership with Ascension. In addition, there is also that Department of Justice inquiry. It’s a question: Is Google too big for its own health – or yours?

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.
Avira logo

Reclaim your online privacy