A few years ago I got a Withings bathroom scale: one that knows it’s me, records my weight, body mass index and fat percentage on a graph informed over wi-fi. The graph was in a Withings cloud.
I got it because I liked the product (still do, even though it now just tells me my weight and BMI), and because I trusted Withings, a French company subject to French privacy law, meaning it would store my data in a safe place accessible only to me, and not look inside. Or so I thought.
Then, in 2016, the company was acquired by Nokia and morphed into Nokia Health. Sometime after that, I started to get these:
Still, I was too busy with other stuff to care more about it until I got this from community at email.health.nokia two days ago:
Here’s the announcement at the “learn more” link. Sounded encouraging.
So I dug a bit and and saw that Nokia in May planned to sell its Health division to Withings co-founder Éric Carreel (@ecaeca).
Thinking that perhaps Withings would welcome some feedback from a customer, I wrote this in a customer service form:
One big reason I bought my Withings scale was to monitor my own weight, by myself. As I recall the promise from Withings was that my data would remain known only to me (though Withings would store it). Since then I have received many robotic emailings telling me my weight and offering encouragements. This annoys me, and I would like my data to be exclusively my own again — and for that to be among Withings’ enticements to buy the company’s products. Thank you.
Here’s the response I got back, by email:
Thank you for contacting Nokia Customer Support about monitoring your own weight. I’ll be glad to help.
Following your request to remove your email address from our mailing lists, and in accordance with data privacy laws, we have created an interface which allows our customers to manage their email preferences and easily opt-out from receiving emails from us. To access this interface, please follow the link below:
Obviously, the person there didn’t understand what I said.
So I’m saying it here. And on Twitter.
What I’m hoping isn’t for Withings to make a minor correction for one customer, but rather that Éric & Withings enter a dialog with the @VRM community and @CustomerCommons about a different approach to #GDPR compliance: one at the end of which Withings might pioneer agreeing to customers’ friendly terms and conditions, such as those starting to appear at Customer Commons.
October 1, 2018 at 11:05 pm
Very informative article and thanks for sharing your personal experience with breach of end-user privacy and vague user agreements manufacture put in place. I came across a news article and was curious on your take on it, and if it would have any bearing on the security issues you speak of.