Norwegian authorities are planning to send an official complaint to FitnessKeeper, a US company that runs various fitness & health mobile apps, for breaching European data protection law by secretly tracking users and then transferring their data to a US-based advertiser.
The revelation came after Norway’s Consumer Council (NCC) conducted an investigation of twenty mobile apps, among which they also included FitnessKeeper’s Runkeeper app.
Runkeeper breaks users’ expectations of privacy
Researchers discovered that Runkeeper is tracking and collecting data on users even if the user is not using the app, NCC digital policy director Finn Myrstadtoday.
Additionally, the app also fails to delete personal data when the user closes his account and also requests more permissions that the app actually needs to run properly.
NCC claims that after collecting all this data on its users, FitnessKeeper is transferring it to Kiip.me, a US-based advertiser.
Same issues also found in Tinder
Legally, the NCC currently has no powers over FitnessKeeper, since Europe’s Safe Harbour program was shut down, and the new European General Data Protection Regulation (EGDPR) has not yet been formally approved.
When this happens, Norwegian authorities could impose hefty fines, and even request the app change its terms of service.
Europe is very strict about privacy policies, and in March, the same Norwegian council has filed a similar, who also didn’t delete personal data after user deleted accounts, and also shared private user details with advertisers.
Additionally, the app is also in trouble in parents worldwide, after being showed that children as young as thirteen can register accounts.