Samsung Health app threatens data deletion if users opt out AI training
350 points
• 4 days ago
• Article
Link
Samsung 在 Samsung Health app 中推行了一项颇具争议的新规定,实际上迫使用户在同意将健康数据用于 AI 训练与建模与保留其现有数据之间做出选择。公司在应用设置深处嵌入了一个名为 "Consent to the Use of Health Data for AI training and modelling" 的开关,启用后 Samsung 可利用个人健康指标来优化机器学习算法并改进服务。
如果用户选择退出数据共享,应用会明确警告其将无法再将健康数据与 Samsung account 同步。公司还表示,除非法律另有要求,否则现有健康数据将被删除;若法律要求必须保留,数据将在法定保留期届满后立即被删除。
所涉数据范围相当广泛,主要包括四类:睡眠模式、服药记录、医疗记录和经期追踪详情。 Samsung 还披露,这些数据可能会由人工审阅者查看,审阅者可能包括公司员工和第三方承包商。
此政策调整与平台范围更广的生成式 AI 改造同步推出,正值 Galaxy Watch 9 等新硬件发布之际。由 AI 驱动的新功能包括 Vitals 工具,可监测心率、心率变异性、呼吸频率、皮肤温度和血氧等生理指标,提供健康洞察;应用中还将整合 Heart Health Score 、 Cardio Load 和 Fitness Index 等功能,旨在利用用户数据进行更深入的分析。
Samsung has introduced a controversial new requirement for users of the Samsung Health app, effectively forcing them to choose between consenting to AI data training or losing their stored information. The company has embedded a specific toggle labeled Consent to the Use of Health Data for AI training and modelling deep within the app settings. This setting enables Samsung to use personal metrics to refine its machine learning algorithms and improve overall service functionality.
When users attempt to opt out of this data sharing, the application issues a clear warning that they will no longer be able to sync their health data with their Samsung account. Furthermore, the company states that any existing health data will be deleted, unless it is required to be retained by law. If such a retention period is mandatory, the data will be erased as soon as that window closes.
The scope of data involved is extensive, covering four primary categories, including sleep patterns, medication logs, medical records, and cycle tracking details. Samsung has also disclosed that this data may be subject to review by human reviewers, which potentially includes both company employees and third-party contractors.
This policy shift arrives alongside a broader Generative AI overhaul of the platform, timed for the launch of new hardware like the Galaxy Watch 9. These AI-powered features include the Vitals tool, which tracks biometrics such as heart rate, heart rate variability, respiratory rate, skin temperature, and blood oxygen levels to provide health insights. Additional features integrated into the app include a Heart Health Score, Cardio Load metrics, and a Fitness Index, all designed to leverage user data for deeper analysis.
103 comments • Comments Link
• 许多人认为 Samsung 强制用户同意将数据用于 AI 训练才能使用健康追踪功能是一种胁迫,因为这实质上削弱了那些把数据隐私放在首位的用户所购买硬件的可用性。
• 在 GDPR 框架下,强制要求用户同意用于 AI 训练等非必要功能在法律上存在重大争议。 GDPR 要求同意必须是自愿的,且不得将非必要的数据处理与核心服务捆绑在一起。
• 虽然鼓励欧盟用户通过当地消费者保护机构来挑战这些做法,但鉴于诉讼耗时且科技公司资源雄厚,人们对这些措施能否有效持怀疑态度。
• 一些用户把让公司删除数据视为一种潜在利益,他们认为如果公司被迫丢弃敏感健康数据而不是用于 AI 训练,那对警惕企业数据收集的用户来说是理想结果。
• 参与者普遍怀疑公司在用户拒绝后是否会真正执行删除承诺,许多人认为尽管有明确政策声明,数据仍可能被私下保留或继续用于训练。
• Samsung 的 Health 应用被批评为"shitware",阻碍数据可移植性和功能性。用户反映,拒绝数据共享的提示往往会导致同步中断或访问问题。
• 人们注意到 HIPAA 等法律保护与消费电子现实之间的差别。因为 Samsung 通常并非医疗服务提供者,所以在收集和使用通过设备产生的个人数据方面拥有更大自由度。
• 整个行业都在采取类似策略,例如 Google 将高级 AI 功能的使用与交出用户历史记录挂钩,实际上剥夺了希望使用该软件的用户的隐私选择权。
• 当前的数字格局表明,"免费"云服务越来越多地通过剥削用户数据来维持,这促使一些人主张避免使用专有生态系统,转向支持自托管和本地控制的方案。
• 人们对监管能否解决问题仍然怀疑,很多人认为现有监管框架要么软弱无力、执法不到位,要么被设计成为数据处理提供法律依据,而非真正保护隐私。
这场讨论反映出公众对把个人健康和生物识别数据用于 AI 训练的强烈沮丧。参与者对大型科技公司的动机普遍持愤世嫉俗的看法,认为"选择退出"或"同意"机制更像是操纵性的障碍,而非真实可行的选择。大家强烈感到用户被迫陷入一种虚假的二分法:要么失去设备功能,要么放弃隐私。尽管有人寄希望于像 GDPR 等监管机构来伸张权利,但普遍看法是大型公司已经掌握了规避法律的手段,或只是将罚款视为经营成本。共识是,要想真正收回有意义的隐私,可能只能通过自托管以及脱离"互联"设备生态系统来实现。 • Samsung's move to condition the use of health-tracking features on consent for AI data training is perceived by many as coercive, as it effectively degrades the utility of purchased hardware for users who prioritize data privacy.
• The legality of forcing consent for non-essential features like AI training is highly questionable under GDPR, which mandates that consent must be freely given and not tied to the performance of services for which the data is not strictly necessary.
• While users in the EU are encouraged to leverage local consumer protection agencies to challenge these practices, there is skepticism regarding the efficacy of such measures given the time-consuming nature of litigation and the massive resources of tech corporations.
• Some users view the threat of data deletion as a potential benefit, noting that if a company is forced to discard sensitive health data rather than using it to train AI, it achieves a desired outcome for those wary of corporate data harvesting.
• There is significant doubt among participants regarding whether companies will actually fulfill promises to delete data upon refusal, with many suspecting that data may be retained or trained upon covertly despite stated policies.
• Samsung's Health app is criticized for being "shitware" that hampers data portability and functionality, with users reporting that declining data-sharing prompts often results in broken synchronization or accessibility issues.
• The distinction between legal protections like HIPAA and the reality of consumer electronics is noted; because Samsung is not typically a healthcare provider, they operate with significant freedom to collect and use personal data provided through their devices.
• Similar strategies are being employed across the industry, with companies like Google conditioning the use of advanced AI features on the surrender of user history, effectively removing privacy as an option for those who wish to use the software.
• The current digital landscape suggests that "free" cloud-based services are increasingly funded by the exploitation of user data, leading some to argue that consumers should avoid proprietary ecosystems in favor of self-hosting and local control.
• Skepticism persists regarding whether regulation is the solution, as many believe the existing regulatory frameworks are either toothless, poorly enforced, or intentionally designed to provide a legal basis for data processing rather than true privacy protection.
The discussion reflects deep-seated frustration with the increasing encroachment of AI training into personal health and biometric data. Participants are largely cynical about the motivations of major tech companies, viewing the "opt-out" or "consent" mechanisms as manipulative barriers rather than genuine choices. There is a strong sentiment that users are being forced into a false dichotomy between losing device functionality and surrendering their privacy rights. While some look to regulatory bodies like those governing the GDPR for recourse, there is a pervasive belief that large corporations have mastered the art of circumventing these laws or simply accepting fines as a cost of doing business. The consensus is that meaningful privacy can likely only be reclaimed through self-hosted solutions and a departure from the "connected" device ecosystem.