14 DAY TRIAL // Norwegian authorities are planning to send an official complaint to FitnessKeeper, a US company that runs various fitness & health mobile apps, for breaching European data protection law by secretly tracking users and then transferring their data to a US-based advertiser.
The revelation came after Norway's Consumer Council (NCC) conducted an investigation of twenty mobile apps, among which they also included FitnessKeeper's Runkeeper app.
Runkeeper breaks users' expectations of privacy
Researchers discovered that Runkeeper is tracking and collecting data on users even if the user is not using the app, NCC digital policy director Finn Myrstad has told ArsTechnica today.
Additionally, the app also fails to delete personal data when the user closes their account and also requests more permissions that the app actually needs to run properly.
The Norwegian privacy watchdog also analyzed the app's terms of service and discovered that Runkeeper has given itself the rights to update its privacy policy at any time, without notifying users in advance.
NCC claims that, after collecting all this data on its users, FitnessKeeper is transferring it to Kiip.me, a US-based advertiser.
Same issues also found in Tinder
Legally, the NCC currently has no powers over FitnessKeeper, since Europe's Safe Harbour program was shut down, and the new European General Data Protection Regulation (EGDPR) has not yet been formally approved.
When this happens, Norwegian authorities could impose hefty fines and even request the app change its terms of service.
Europe is very strict about privacy policies, and in March, the same Norwegian council filed a similar complaint against Tinder, who also didn't delete personal data after users deleted accounts, and also shared private user details with advertisers.
Additionally, the app is also in trouble in parents worldwide, after being shown that children as young as thirteen can register accounts.