The upcoming CCPA law will cover the GP here. Expect a self service portal for ccpa deletion in January for most major services.

Even if you do not live in California your request will likely be honored but of course I have no specifics about Fitbit.

I’ve always wondered, how do they know if you’re in the EU? Can I change my address to somewhere in the EU and get my data deleted or will they check?

Maybe where the data originated? So, if you are a EU citizen, but use a google device in the US on vacation, is the data generated in US bound by US-only regulations, so no GDRP?

It's...complicated: https://www.dataprotectionreport.com/2018/12/edpb-clarifies-...

"The Guidelines note that the processing of personal data of EU citizens that takes place outside the EU will not trigger the GDPR so long as the processing is not a specific offer directed at individuals in the EU or to monitor their behavior in the EU."

So it may be safe for google...but given it would apply to a user profile in general, including EU, maybe not?

Send a GDPR request anyway. Many companies do not track what region their users live in, or what parts of it came from what regions, etc. They get a GDPR request and they just file it in the queue for processing. All they know initially is your name and e-mail when you send in the request.

When you are geographically in the EU the GDPR rights apply to all your data.

The location of the data does not matter.

The origin of the data does not matter.

Citizenship does not matter.

These are the reasons many US firms tried to call GDPR overreaching. However if it didn't apply in this way there would be too much wiggle room to be effective.