Europe clears Google-Fitbit with a ten-year ban on using health data for ads

Europe has greenlit Google’s $2.1BN acquisition of fitness wearable maker Fitbit, applying a number of conditions intended to shrink competition concerns over letting it gobble a major cache of health and wellness data following months of regulatory scrutiny of the deal.

While Google announced its plan to buy Fitbit over a year ago, it only notified the transaction to the Commission on June 15, 2020 — meaning it’s taken half a year to be given a caveated go-ahead by Europe. It is also now facing formal antitrust charges on its home turf — from more than one angle (though not related to Fitbit).

Under the terms of the EU’s clearance for ‘Gitbit’, Google has committed to not use the Fitbit data of users in the European Economic Area for ad targeting purposes for a ten-year period.

It says it will maintain a technical separation between health and wellness data collected via Fitbit wearables in a data silo kept separate from other Google data.

It has also committed to ensuring that regional users have an “effective choice” to grant or deny the use of health and wellness data stored in their Google Account or Fitbit Account by other Google services — such as Google Search, Google Maps, Google Assistant, and YouTube. But it’ll be interesting to see how much dark pattern design gets applied there.

Interestingly, the Commission says it may decide to extend the duration of the decade-long Ads Commitment by up to an additional ten years — if such an extension can be justified.

It further notes that clearance is conditional upon full compliance with all the commitments — the implementation of which will be monitored by a trustee, who must be appointed before the transaction can close.

This yet-to-be-appointed-person will have what the Commission couches as “far-reaching competences” — including access to “Google’s records, personnel, facilities or technical information”.

So EU regulators are taking a ‘trust but verify’ approach to letting this big tech merger steamroller on.

There are further competition focused commitments, too.

Here, Google has agreed to maintain access to Fitbit users’ data via a web API without charging third party developers for the access (of course subject to user consent).

It has also agreed to a number of commitments related to rival wearable makers’ access to Android APIs — saying it will continue free licensing for all core functionality competing devices need to plug into its dominant smartphone OS, Android.

Improvements in device functionality are covered under the agreement, per the Commission, so it’s intended to allow rival wearable makers to continue to be able to innovate without the risk of making a better/more capable device resulting in them being shut out of the Android ecosystem.

Google must also maintain API support in the Android Open Source Project version of its mobile platform.

Another concession the Commission has extracted from Google during this half year of investigation and negotiation is to say it won’t seek to circumvent the requirement to support rivals’ kit accessing Android via the API by degrading the user experience (such as by displaying warnings or error messages).

That’s — frankly — a pretty dysfunctional signal for a regulatory clearance to have to send. And it highlights the level of mistrust that has built up about how Google’s business operates.

Which in turn raises the existential question for EU regulators of why they are allowing themselves to bend over and let Google-Fitbit go ahead. Unsurprisingly, then, the Commission’s PR sounds a tad defensive — with EU lawmakers writing that the decision “is without prejudice to the Commission’s efforts to ensure fair and contestable markets in the digital sector, notably through the recently proposed Digital Markets Act” (DMA).

It also notes that the monitoring trustee will be entitled to share reports that it provides to the Commission with Google’s lead data protection supervisor, the Irish Data Protection Commission. (Though given the massive big tech-related case backlog on its desk — including a number of investigations into other elements of Google’s business — that’s unlikely to cause Mountain View any extra sleepless nights.)

The Commission does also say that commitments secured from Google include “a fast track dispute resolution mechanism that can be invoked by third parties”. So it’s clearly trying to go the extra mile to justify greenlighting further consolidation in a consumer digital services space that Google already massively dominates — at a time when US lawmakers are headed in the opposite direction. So, um…

Civil society in Europe (and beyond) has been raising a massive clamour about the Google-Fitbit acquisition ever since it was announced — urging the bloc’s regulators to stop the tech giant from gobbling Fitbit’s cache of health data, unless or until human rights protections can be guaranteed.

Today the Commission has sidestepped those wider rights concerns.

At best it believes it’s kicked the can down the road a decade or, max, two. And by 2030 (or 2040) it will hope that rules it’s just proposed to put strictures on digital gatekeepers like Google will be in a position to prevent future abuse in check.

The EU’s oft stated preference is to regulate tech giants, not to break up their empires — or, as it turns out, stand in the way of further empire expansion.

Commenting on the Google-Fitbit clearance in a statement, Vestager said: “We can approve the proposed acquisition of Fitbit by Google because the commitments will ensure that the market for wearables and the nascent digital health space will remain open and competitive. The commitments will determine how Google can use the data collected for ad purposes, how interoperability between competing wearables and Android will be safeguarded and how users can continue to share health and fitness data, if they choose to.”

Taking questions from a European parliament committee last week, Vestager signalled the inexorable looming clearance of Gitbit — saying the US and Europe have a different approach to dealing with market-dominating tech giants. “In Europe we do not have a ban of monopolies,” she told MEPs. “They have a different legal basis in the U.S. We would say you’re more than welcome to be successful but with success comes responsibility — which is why we have article 102 [against abusing a dominant position].”

It’s also why the Commission has felt the need to propose new regulation to strengthen competition enforcement in digital markets — though it’ll most likely be years before the DMA is adopted.

And in the meanwhile EU regulators are letting Google expand its dominance of people’s private information by bagging up Fitbit’s treasure trove of sensitive health data — for full exploitation later.

In any case, as Harvard professor Shoshana Zuboff warned last week, surveillance capitalism’s business ambitions now scale far beyond mere targeted ads. The goal is to use data “for the sake of predictions that become more lucrative as they approach certainty”, as she put it — warning society must intervene in the public interest to put a stop to the tech giants’ “epistemic coup”. 

Accurate predictions generated off of health data could be very lucrative indeed for Google (which has been ramping up its focus on the health sector in recent years).

Whether that’s net good or bad for humanity remains to be seen — which isn’t the kind of major gamble regulators should be comfortable with. So plenty will say the Commission is just fiddling round the margins while giving big tech a handy bypass for competition enforcement.