Samsung Health app threatens data deletion if users opt out AI training
170 points by bundie 3 hours ago | 49 comments

rdtsc 59 minutes ago
> The company plans to grab four categories: your sleep, your medications, your medical records, and your cycle tracking details

So you buy a device but you can't effectively use half of its features because you'd also have to agree to send them your medical records? Ok then if I refuse, will they refund 50% of the device price since now it's not usable any more?

reply
benjiro29 46 minutes ago
If your in EU, you contact the local EU consumer group where you buy the device.

https://www.europe-consommateurs.eu/en/who-we-are/about-us/e...

And file a complaint... As that breaches a dozen or more EU laws. If a lot of people do it in all the countries, it becomes a national issue.

That is the only way you fix things, and yes, we have had multiple successes with companies taking the piss. Even Samsung can not escape as their have officies in the EU and sell products there.

For the folks outside the EU, ... Its a harder fight and you need to look up your local agencies.

reply
sam1r 53 minutes ago
[flagged]
reply
JoshTriplett 32 minutes ago
> I really feel like "grab" is quite condescending

By all means, let's use a more appropriate term, like "abuse" or "misappropriate". It's not sufficiently condescending for a company that's trying to train AI on people's private health data.

reply
mcmcmc 22 minutes ago
Do you think those services are “free”? If you want cloud storage and syncing, it comes at a price. If you’re not paying with money, you’re paying with your privacy and freedom.
reply
JoshTriplett 5 minutes ago
We are not required to permit every possible business model to exist. Companies are desperately trying to get their hands on every piece of data they can get to train AI, hence the abominable use of "opt out", which is already horrible even without the added bait-and-switch coercion of "or we'll make the device you already purchased worse".

"pay or consent" stunts have already been ruled illegal under the GDPR. This goes even further than that, where you don't even have the option to pay.

reply
aftbit 8 minutes ago
I sorta assumed they were making money from selling you the device.
reply
BigTTYGothGF 25 minutes ago
> condescending

How can you be "condescending" to a company?

reply
ben_w 14 minutes ago
Same way as towards a natural person, I recon?
reply
Barbing 24 minutes ago
Samsung can mitigate the harm and frustration by providing users options. Would you prefer this pathway of their way or the highway?
reply
ben_w 18 minutes ago
> I really feel like "grab" is quite condescending to a company (Samsung) that provides services at scale (upon/after consent) to help you.. "be better" (simplified..), with direct customization and tailoring.

The headline as described sounds to me like they're violating GDPR by tying to force "consent" for a not-strictly-necessary-for-functionality use of health data. The European Data Protection Board has repeatedly stated that consent is (generally) not considered to be "freely given" if there is a significant detriment for refusing it or if the user has no genuine choice.

Note however that caveat: as described. There may be some more details which make this not unlawful. Also, actually deleting your data if you don't consent is the kind of thing GDPR requires.

reply
customguy 49 minutes ago
"snatch with their spider leg like fingers that are dripping with digestive fluid"
reply
aleph_minus_one 52 minutes ago
Where is the catch? You rather get two good things if you don't agree:

- Samsung deletes your sensitive health data

- Samsung does not use this data to train some AI

:-)

reply
orbital-decay 24 minutes ago
The catch could be they actually do neither of that and train on it silently.
reply
delduca 29 minutes ago
I was thinking exactly the same…
reply
gmuslera 55 minutes ago
In some way they are telling that they respect your privacy. Or they have your data (and then do something with it, now or later), or no one will.

They could provide some Google-style takeout to get your data before deletion, but that may not have any meaning or practical use without their devices and software.

reply
sam1r 51 minutes ago
Completely agree. Or maybe, just like most products in tech -- they are currently en route to "take out" style data deletion... and it's being released shortly.
reply
gardnr 47 minutes ago
This is like Google Ultra for personal accounts. I signed up to see what it was like and then assumed I would be able to disable training on my data as a paid customer. The only way to disable training on paid personal accounts is to disable history (no chat logs) which makes the service much less useful for me.

For Google Workspace accounts that use the Ultra plan you can disable training while retaining history. I didn't bother signing up again. It is user-hostile.

reply
cute_boi 36 minutes ago
Yes, you will have to pay lot of money and you will have to surrender data too.
reply
sunaookami 29 minutes ago
Bought a Galaxy Watch 7 two years ago, the hardware is good and One UI on the watch itself is also quite good (and the last major update improved it) but Samsung Health is such a shit app. Constant ads for some "courses" or videos and things I don't care about. Downloading my personal data doesn't even work, it sends me right to the browser with an error message that I'm "not logged in correctly" and it wants access to all my pictures & videos (seems like a wrong permission prompt there but when I decline it it also fails with "we need access to all your photos & videos". Why? Just send me a download link via email or use SAF and let me pick a download location).

Thanks to this article I also noticed the UI was redesigned. At least I could keep my layout but it didn't work like it should, it added some useless cards. It also asked about new "optional" data sharing which I of course declined. There is now a notice that my data wasn't backupped to my Samsung account the last 3 days (???) and the data synchronization doesn't work, the buttons do nothing, it just says "disabled" even though everything is enabled... typical Samsung shitware. Haven't noticed anything with AI training (there is no option) but I'm also in the EU.

reply
datadrivenangel 2 hours ago
shouldn't this get them turbo obliterated in europe?
reply
seydor 58 minutes ago
no, in fact gdpr requires that they get consent before they process the data.

They are not preventing people from accessing the data, only indefinite storage as i understand. They may claim that storage is needed for the processing (which might make sense, they want to train on the whole time series).

reply
ptx 22 minutes ago
Recital 11 of the GDPR says that consent must be "freely given", and recital 43 says (in part):

"Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance."

reply
wolvoleo 46 minutes ago
Yes but that consent must be given freely. There can't be undue pressure. Unfortunately this part is not well defined but it looks like the AI training part is not required to deliver the service to the specific user so I do think that if challenged it will be ruled afoul of GDPR.
reply
abroszka33 38 minutes ago
I think Facebook lost a similar lawsuit recently where you had to accept that they can use your data or pay to access the site. And it was found illegal in the EU.

The problem is that it takes years and users don't wait for years. There should be a way to harm these companies more on the EU level.

reply
antalis 15 minutes ago
They can get fined for up to 2 or 4% of their global annual revenue depending on the violation severity.
reply
varispeed 56 minutes ago
Indeed, gdpr was created for corporations to have legal basis to process and sell data. Before gdpr it was a gray area. It was never about privacy.
reply
kklisura 30 minutes ago
One day we will perhaps be able to forgive these companies for mismanaging our data, but we will never forgive them for making us regulate them.
reply
gdulli 2 hours ago
Something I appreciate about Samsung phones is that having a Samsung account is completely optional. I've never had one. If I accidentally click on one of the dumb AI features I'm not even allowed to use it without an account.
reply
sam1r 57 minutes ago
I was under the assumption that because of GDPR (which is in effect..).. or current "end-user metadata storage" best practices.. if you (a website/or app) didn't immediately disclose to the user what data is being used,stored, and why it is -- then you shouldn't store it at all.

If you agree that the world needs better examples today, then Samsung has definitely showed one.

reply
Citizen_Lame 33 minutes ago
GDPR is dead in the water.
reply
vcryan 48 minutes ago
Yes, please - delete my health data. I want my health data - I didn't want Samsung or anyone else to have it unless I provide it. And even then, you can't keep it - you can look at it. It's mine.
reply
zelphirkalt 55 minutes ago
That reminds me of a story by a former coworker of mine, who had a xing account and repeatedly asked them to not send me him ads and spam e-mails. They ultimately closed his account.

Some companies are so dead set on doing this shit, that they don't even have mechanism in place that would enable them to act upon you opting out. It is a sign of dysfunctional companies. You can also observe this, when you send companies a GDPR request for deletion and they do eeeeverything to not have to go into their shitty system and delete the data, because that would require them to do manual work.

reply
ThePowerOfFuet 46 minutes ago
What's with the tracked sharing link?

Tracking-free link: https://www.neowin.net/news/samsung-will-delete-your-health-...

reply
kelseyfrog 59 minutes ago
Am I reading this wrong? It sounds like, short of self-hosting your health data, this is the best of both worlds. Avoiding zombie data retention and avoiding AI? Where do I sign?
reply
ribosometronome 50 minutes ago
Blocking backups and consequently reducing data portability doesn't really sound like the best of both worlds.
reply
varispeed 57 minutes ago
Samsung should be fined out of existence for this.
reply
cute_boi 35 minutes ago
Well there is no incentive for government to keep citizen data private.
reply
josefritzishere 2 hours ago
You shouldn't trust them with your health data anyway.
reply
stackghost 24 minutes ago
>You will not be able to sync health data with your Samsung account and your health data will be deleted unless retained pursuant to applicable law. If retention is required, we will erase it as soon as the required retention period ends.

Don't threaten me with a good time.

I'm so tired of tech companies shoving AI into everything, everywhere.

reply
theturtle 13 minutes ago
[dead]
reply
breakingrules3 25 minutes ago
[dead]
reply
breakingrules3 27 minutes ago
[dead]
reply
exabrial 31 minutes ago
I'd doubt this is legal under HIPAA law in the US, but good luck
reply
Hugsbox 25 minutes ago
I'm not an expert on the matter, but to my knowledge Samsung aren't health practitioners and aren't beholden to HIPAA laws for data that was (presumably) voluntarily provided to them. Is this scummy? Abso-fucking-lutely. But as far as I'm aware they have a lot of freedom when it comes with data collected with permission from users. Obviously this is something that should be addressed/regulated.
reply
fwip 29 minutes ago
It certainly is. HIPAA binds healthcare providers and those entities who get data from them. Samsung is not bound by either of these, unless it is sourcing the health information from, like, your doctor, and not from your watch.
reply
dotcoma 41 minutes ago
They are dumber than a second coat of paint.
reply
thejazzman 37 minutes ago
is this a common expression? i'm genuinely confused/curious. i am confurious.
reply
doginasuit 28 minutes ago
That sounds a little more like confused and furious. Anyone curious about why you are furious might start a chain reaction of confuriosity.
reply
swiftcoder 2 hours ago
Are we sure this isn’t the text for the “consent to process health data” toggle that is on the same screen? I don’t have a Samsung phone handy to check
reply
Cider9986 59 minutes ago
Apple has default E2EE on health data, which I respect. But they need to take iMessage backup out of Advanced Data Protection and make it default E2EE. Messages are just as sensitive, iMessage is effectively not E2EE if most users are using it with server-side encrypted backups to iCloud. Apple of all companies should be able to make a reliable E2EE that wont cause data loss.
reply