Comment by ryanschaefer

8 hours ago

I’d be interested in how your privacy policy allows this. I can’t find where it mentions photos are stored or used for training purposes…

The MyFitnessPal privacy policy says "We use photos, videos, or other data you provide to us to customize our Services." [1]

That's all they need to do to cover themselves.

[1] https://www.myfitnesspal.com/privacy-policy

  • The policy defines "Services" as the mobile app and website. How is building a general purpose model for what the average fridge looks like used to customise either the website or the app? This feels like the kind of flimsy reasoning that only holds so long as no one is challenging it.

    • Easy. They provide this new general purpose model through the website. Bam, that's a Service that uses photos to customize. They can also expand what counts as a Service unilaterally.

      With this broad of a privacy policy, they can start MyFitnessPal.com/UncroppedCandidPhotos where they let people search for users by name, email, or phone and sell your photos to the highest bidder, and that still would count as a Service that uses photos to customize. You consented to it!

      > This feels like the kind of flimsy reasoning that only holds so long as no one is challenging it.

      No, it is written by professional lawyers to be as permissive as possible.

  • > That's all they need to do to cover themselves.

    If this is real and not a joke, I bet some DPA will disagree if this is brought to their attention. Effective consent under GDPR requires informed consent.

I would be more interested in why you believe something like this isn't baked into most privacy policies.

I'm not shocked but I'm shocked you are shocked.

  • Giving their policy an (admittedly quick) skim, there doesn't seem to be any section that mentions AI, LLMs, training any kind of model, using image data from barcode pictures, etc. I'd be very curious to see the explanation of how this is baked into the policy.

  • I’m not exactly shocked that it could exist. But this usage (beyond the scope of processing barcodes) seems like it couldn’t be construed to fit into the normal avenues of data collection under a privacy policy. Also with regard to training specifically, this policy was created in late 2020 so I don’t know how it would cover generative models.