The European Data Protection Board (EDPB) expressed concerns over the implications for user privacy of a move by Google to acquire fitness tracker maker Fitbit, raising the possibility of a formal objection by the European Commission (EC).

In a statement, EDPB said the “possible further combination and accumulation of sensitive personal data regarding people in Europe by a major tech company could entail a high level of risk to privacy and data protection”.

The EDPB is an advisory group which oversees implementation of the European Union’s General Data Protection Regulation (GDPR), and contributes advice to the EC, meaning its concerns could ultimately play a part in any decision the body makes on clearing the acquisition.

Google made its move for Fitbit in November 2019, inking a $2.1 billion deal which would give the search giant a welcome leg-up in the wearables sector. Its bid is currently being scrutinised by the US Department of Justice.

EDPB called for the companies to comply with GDPR and to fully assess “the data protection requirements and privacy implications of the merger in a transparent way”. The pair should also work to mitigate any potential privacy and data protection risks before notifying the EC of the merger.

If completed, the deal will catapult Google to being the fifth-largest wearables vendor, placing it well to compete against Apple, Huawei and Samsung.

In early February, Google CFO Ruth Porat said the company was eagerly awaiting new opportunities related to the Fitbit deal, which “will add strong capabilities in wearables and advance our vision of ambient computing for the Android ecosystem”.