What MyFitnessPal Knows About You | Avast

MyFitnessPal generally uses data to deliver the services they’re promising — with a few exceptions

I use very few apps every single day. Instagram tops the list, followed by Twitter — and then MyFitnessPal. I started using the food and calorie-tracking app at the end of last year, when I wanted to get more serious about my health. You know, after six months of pandemic-induced stress eating and drinking.

I respond well to lists and tracking, which is why I love my Fitbit so much. (Fun fact about me: I tracked how much I was drinking in a Google Doc for two years. Yup, I’m that person.) So for this What Does the Internet Know About Me?, I fearfully dipped my toes into the MyFitnessPal Privacy Policy. Here’s what I found.

What MyFitnessPal tracks

I primarily use MyFitnessPal as a food and calorie tracker, so here’s what I’m tracking: 

  • Foods I eat, including
    • Calories
    • Macronutrients 
    • Meal times
  • Height
  • Weight
  • Gender
  • Birthday
  • Location and zip code
  • Time zone
  • Email address
  • Username
  • Full name
  • Photo (if you submit one — I didn’t)
  • Steps taken/exercise (from connecting Fitbit)

And while I’m not tracking the following, MyFitnessPal does let users track: lifestyle (e.g. sleeping habits), life events, fitness goals, measurements, fitness level, heart rate, sleep data, BMI, biometric data, and similar types of data relating to physiological condition, and activity.

MyFitnessPal is also doing some tracking in the background that’s less obvious to the general user. For example, if you connect your Fitbit or other tracker (like I did), MyFitnessPal might collect info about your device, like its serial number, Bluetooth address, UPC, or “other data- or purchase-related information.” They also have cookies on their site, including ones that are “strictly necessary for functionality and cookies that are used for personalization, performance/analytics, and advertising.”

If you choose to sign in through social media (which I didn’t — and I never recommend doing, for privacy and security reasons), they may also collect information, with your permission, including your name, email address, profile picture, and friends list. 

If I lived in the EU, then the rules would be slightly different, because I would fall under the General Data Protection Regulation (GDPR). Under the GDPR, consumers have the right to:

  • Access Personal Data
  • Correction
  • Erasure
  • Restriction of processing
  • Data portability
  • Object to certain types of data processing

European MyFitnessPal users should also know that some of the data MyFitnessPal collects might be considered health data if collected over a long period of time; that data might be stored in the United States; and that they’ll ask for consent before serving you advertisements, “when legally required to do so.”

What MyFitnessPal could figure out

To be honest, I’ve struggled to think of something that MyFitnessPal could figure out about me based on this data. Unlike Fitbit, which tracks so much of my health stuff, MyFitnessPal is really focused only on food. They could determine when I’d made lifestyle and/or diet changes, based on what I’ve told them and my food logs.

But all of these things require me to proactively input the data that they’d need to make those guesses about me. It’s not the same as Fitbit, which I’ve allowed to passively collect health information. 

What does MyFitnessPal do with my data?

In general, MyFitnessPal uses the data they collect to deliver the services they’re promising — with a couple of exceptions.

One bit that stood out to me is where they say they “may obtain certain data about you from third party sources to help us provide and improve the Services and for marketing and advertising. We may combine your Personal Data with data we obtain from our Services, other users, or third parties to enhance your experience and improve the Services.” So what does that mean, really?

“My guess is that they’re going to take your personal data they have and combine it with that data they’re buying,” says Avast senior global threat communications manager Christopher Budd. “And then they’re going to use that to ‘enhance your experience’ but also for marketing and advertising through their service. So, if they’re getting info that you like a certain type of shoes, they’ll combine that with the fact that you’re telling them you’re running five times a week and show you running shoe ads from that brand.”

Not great! Data aggregators are notorious for taking “depersonalized” data and combining it with other data sources to create what essentially amounts to profiles of each user. MyFitnessPal isn’t the only company that might be doing this — it’s actually distressingly common — but this is undoubtedly the part that concerns me most about this app.

What am I getting in exchange for my data? What are the tradeoffs?

Real talk: I use MyFitnessPal every single day. I, like many of us, gained more weight than I was comfortable with during the pandemic and decided to be more proactive about losing it at the end of last year. MyFitnessPal has helped me really assess what I’m eating, how much I’m eating, and where all of those extra calories are coming from.

And it’s super helpful! I especially love that I can input a food — either by name or by scanning a barcode — and it searches its vast database to tell me the nutritional content and calories in it. It has changed my relationship with what I eat and drink in a good way, and it helps me keep on track toward my goals.

All things considered, I feel like the tradeoff is worth it. There’s very little in-app advertising (none if you pay for their premium offering) and it really helps me a lot. I don’t like what they might be doing with data aggregators but, again, this is a bigger picture problem — not a problem with this specific app. 

Because I’m a California resident and therefore protected under the California Consumer Privacy Act (CCPA), I could go through their very long page of instructions on how to opt out of the sale of certain data. But, like most tech companies that do this type of tracking and sale of data, it’s an arduous process. So until the United States changes its laws and regulations around data aggregation and tracking, unfortunately there’s not much I can do about it.
