The European Data Protection Board (EDPB) said on Thursday 20 February that the acquisition by US giant Google of the company Fitbit “could lead to a high level of risk for privacy and data protection”.
The proposed $2.1 billion merger, announced last November by Google, would give the company access to a wealth of data about the health of Fitbit users.
In its statement, the EDPB reminded both parties of their obligations under the General Data Protection Regulation (GDPR), in force in Europe since 2018.
It also calls on them to “conduct a full assessment of the data protection requirements and privacy implications of the merger in a transparent manner”.
Before notifying their merger to the European Commission, Google and Fitbit “will have to mitigate possible risks to privacy and data protection rights”, says the EDPB.
Will British Google users soon be deprived of GDPR?
Google is also reportedly planning to bring the accounts of its British users under US jurisdiction, removing them from the EU’s strict privacy controls, according to information released by the Reuters news agency on Wednesday 19 February.
As a result of Brexit, the US company intends to ask its UK-based users to accept new terms and conditions of use that reflect this change.
According to the news agency, Google wants to avoid any legal incompatibility and justifies this decision on the grounds of uncertainty about the British position: will the UK continue to comply with the GDPR, or will it adopt its own rules?
However, the placement of British data under US jurisdiction will only take place after the end of the post-Brexit transition period. Until 31 December, the GDPR will continue to apply across the Channel. (Original version in French by Agathe Cherki – intern)