Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

@Garmin: how is my sensitive health data protected on your cloud servers?

JoeNase
over 5 years ago

Garmin connect handles very sensitive health data and I'd like to know, how Garmin does protect this data on their cloud servers. Is it end2end encrypted? I can not find any information about this topic online and I'd like to ask Garmin to describe and document how this sensitive customer data is protected.

  • 0 over 5 years ago

    Have a look at their privacy policies:

    https://www.garmin.com/en-US/privacy/connect/policy/

    At the bottom of that document there are also contact addresses for requests related to privacy policies. They adhere to the GDPR standards and/or to respective local lows of the customers. HTTPS, SSL, and Bluetooth encryption are used to secure the data trasmission (though it was not the case till ~2016) - you can google all of that pretty easily. You may want to read also for example this article:

    https://www.outsideonline.com/2297211/your-health-data-about-get-hacked

  • 0 over 5 years ago in reply to trux

    Thanks for the information! GDPR means that they'll do at least data-in-transit and data-at-rest encryption. I'd assume that they do not do end2end encryption as Apple does with their health data.

  • 0 over 5 years ago
    JoeNase said:
    I'd assume that they do not do end2end encryption as Apple does with their health data.

    SSL / HTTPS is end-to-end encryption. Have a look at https://en.wikipedia.org/wiki/End-to-end_encryption

  • 0 over 5 years ago in reply to trux

    No, it'snot. End2end encryption is not that client and server talk over a secured channel (this is data-in-transit encryption), but that the client generates a keypair and store the keys local only and send encrypted data over to the other side. In this case, Garmin would store the data client-side encrypted in their database and only the client app could decrypt and work with the data. But this would make it almost impossible for Garmin to work/analyse the data - so that is why I am assuming that data is stored in clear-text in Garmins databases, which would allow a Hacker to get the data (for example if the Garmin connect API or Web-App has a security hole).

  • 0 over 5 years ago in reply to JoeNase

    Your definition differs from that of the Wikipedia, but if you are asking about that, what you describe, then the answer is certainly no (you name the problems with it yourself). And frankly told, I doubt that Apple's definition of their end-to-end encryption matches yours, they would have the same problems processing the data.

    BTW, if you do not wish the data to be transmitted or processed, you can deline that in your GC user profile.