← Back to context

Comment by Cheer2171

18 hours ago

The MyFitnessPal privacy policy says "We use photos, videos, or other data you provide to us to customize our Services." [1]

That's all they need to do to cover themselves.

[1] https://www.myfitnesspal.com/privacy-policy

The policy defines "Services" as the mobile app and website. How is building a general purpose model for what the average fridge looks like used to customise either the website or the app? This feels like the kind of flimsy reasoning that only holds so long as no one is challenging it.

  • Easy. They provide this new general purpose model through the website. Bam, that's a Service that uses photos to customize. They can also expand what counts as a Service unilaterally.

    With this broad of a privacy policy, they can start MyFitnessPal.com/UncroppedCandidPhotos where they let people search for users by name, email, or phone and sell your photos to the highest bidder, and that still would count as a Service that uses photos to customize. You consented to it!

    > This feels like the kind of flimsy reasoning that only holds so long as no one is challenging it.

    No, it is written by professional lawyers to be as permissive as possible.

    • > No, it is written by professional lawyers to be as permissive as possible.

      But you repeat myself.

      OK, say they do all that, that isn't customisation (I would argue) it is a new service that was built from unconsented data scraped from users of the pre-existing services. Call that splitting hairs if you like, but this looks like a risk to me.

> That's all they need to do to cover themselves.

If this is real and not a joke, I bet some DPA will disagree if this is brought to their attention. Effective consent under GDPR requires informed consent.