The Norwegian Consumer Council (NCC) has lodged a complaint against Runkeeper, a popular fitness app and its developer FitnessKeeper before the Norwegian Data Protection Authority. The complaint claims that the app:
- Doesn’t clearly state what it defines as personal data
- Requests unnecessary permissions
- Reserves the right to update the privacy without prior notice
- Requests perpetual right to the user’s content, which allows it to share the user’s content with third parties (US-based advertiser Kiip.me, specifically)
- Does not delete personal data when the app has not been used for some time, nor does it delete user data when a user deletes his or her account.
Summarily, the app tracks users even when not in use, does not delete personal data when users stop using it, and shares users’ personal data with an advertising company.
The NCC has asked the Norwegian Data Protection Authority to investigate the matter and take necessary actions – sanctioning FitnessKeeper if need be. Runkeeper is one of the most popular fitness apps in Norway but the developers FitnessKeeper has no officical presence in Europe. This makes it unclear what kinds of sanctions the Norwegian Data Protection authority can enforce on them.