Runkeeper must do more to earn users’ trust

18. mai, 2016

Runkeeper announced that they are removing the bug that “inadvertently caused the app to send location data to the third-party service”. It’s a start, but far from good enough.

The launch of the new version of the app follows our complaint to the Norwegian Data Protection Authority on Friday, where we ask them to investigate what we deem to be several violations of Data Protection Law.

The circumstance that this leading fitness app with more than 45 million users inadvertently collects personal user data tracking users when the app is not in use and sending the data to third parties, indicates that the app industry needs to do more to earn their users’ trust.

This quick response to criticism by Runkeeper is, of course, welcome, but it is not enough. We expect Runkeeper to ensure that the third party (www.kiip.me) deletes the illegally collected data immediately.

Furthermore, Forbrukerådet also stresses that Runkeeper’s privacy policy or terms of service do not state whether there is a time limit for the data being stored or whether the service provider deletes personal data when the user requests it or deletes their account. Also, Runkeeper claim no liability for certain types of data they share with third parties (such as device ID etc).

Runkeeper should fix a few more things while they are at it. In our app report, published in March, we criticize Runkeeper for having:

1. Too wide licenses for user generated content using (we filed a complaint against Tinder earlier this year for having similar terms)
2. No clear policy for deletion of data of inactive users
3. No advance notice when changing their terms
4. No specification of with which party they share user data

All of these issues, are breaching either the EU Unfair Contract Terms Directive or key articles of Data Protection law, according to our analysis. Runkeeper should now use this opportunity to become the best fitness app when it comes to consumer and data protection. This way they will finally earn their user’s trust.