The Norwegian Consumer Council has reported the American company behind Runkeeper to the data protection authority, in Norway. Following testing of the fitness app, the consumer council believes that data is captured and transmitted, even when Runkeeper is not being used.
Runkeeper has been developed by a company called FitnessKeeper, which is based in Boston, in the United States. The consumer council argues that the app sends data to a third party in the US.
The data that the consumer council is particularly concerned about relates to location, physical fitness information and exercise habits, as it believes that Runkeeper users are unlikely to want these details shared with third parties.
Even when a smartphone had not been used for 48 hours, Runkeeper was still found to have been transmitting GPS location data.
The issues that the consumer council claims to have identified relate specifically to the Android edition of the app.
Any breaches in data protection could potentially affect vast numbers of people across the world. Runkeeper is one of the most popular health and fitness apps on Google Play, with over 10 million installs.
And data sharing with a third party not the only issue that the consumer council has with the fitness app. The body has also accused Runkeeper of requesting that users grant the app a range of permissions that are not actually needed to provide its service.
A complaint has now been passed to Norway’s data protection commissioner, Bjørn Erik Thon, with Runkeeper accused of violating both Norwegian and European privacy laws.