Consumer health information is increasingly at risk, groups tell Congress
Americans are facing a growing threat to their privacy as their online activities are closely monitored and used to reveal increasingly personal information, including potential details about their state of health.
Sensitive information and changes in daily habits are tracked and sold to third party data mining companies and marketers, according to Brandi Collins-Dexter, a senior campaign director at the Color of Change, the nation’s largest online civil rights organization.
“Internet Service Providers and third party analytics partners can track the times when someone goes online, the sites visited and the physical location,” testified Collins-Dexter on Tuesday before a House subcommittee hearing. “Visits to a doctor’s website or to a prescription refill page could allow the ISP, platform or a data broker partner to infer someone in the household has a specific medical condition.”
Collins-Dexter told lawmakers that the information in turn “could be sold without consent to pharmaceutical and healthcare companies or even potential employers without the consent or authorization of the user.”
Rep. Janice Schakowsky (D-Ill.), chair of the House Consumer Protection and Commerce Subcommittee, said Americans have good reason to be worried about how their information is used.
“Modern technology has made the collection, analysis, sharing and sale of data both easy and profitable,” according to Schakowsky. “Personal information is mined from Americans with little regard for the consequences. In the last week alone, we learned that Facebook exposed individuals’ private health information they thought was protected in closed groups, and collected data from third party app developers on issues as personal as women’s menstrual cycles and cancer treatments. People seeking solace may instead find increased insurance rates as a result of the disclosure of that information.”
Likewise, Nuala O’Connor, president and CEO of the Center for Democracy & Technology, a not-for-profit dedicated to protecting privacy, charged that “ubiquitous data collection and sharing” has created “an unbounded secondary market for Americans’ sensitive information” such as location and health data.
“Data brokers continue to build secretive and detailed profiles that can be used to exploit or discriminate based on race, religion, gender, age and other protected categories,” said O’Connor in her testimony.
“Inferences are drawn and we are labelled as a Democrat or Republican, white or Latino, gay or straight, a pregnant teen, a grieving parent, a cancer survivor and so much more,” commented Frank Pallone, Jr. (D-N.J.), chairman of the House Energy and Commerce Committee. “This is all done without our knowledge. And then our personal information and related inferences are being shared and sold many times over.”
However, Dave Grimaldi, executive vice president for public policy at the Interactive Advertising Bureau, whose member companies account for 86 percent of U.S. online advertising, testified before the subcommittee that consumers are increasingly aware that data is collected about their interactions on the web which is used to “create an enhanced and tailored experience” that is only possible using data.
At the same time, Grimaldi emphasized that IAB and its members have long supported consumer privacy protections and responsible data practices. He pointed to IAB’s role in the creation of the Digital Advertising Alliance, an industry body convened a decade ago to create a self-regulatory code for all companies that collect or use data for interest-based advertising online.
“The DAA Principles provide consumer transparency and control regarding data collection and use of web viewing data, application use data, precise location data, and personal directory data,” testified Grimaldi. “The DAA Principles also contain strong prohibitions on the use of such data for eligibility purposes for employment, insurance, credit, and healthcare treatment.”
But, Congressman Pallone pointed out that health insurance companies could charge higher rates based on consumer food purchases or information from their fitness trackers.
“These are simply unacceptable uses of people’s data,” Pallone said. “Yet, for the most part, here in the U.S., no rules apply to how companies collect and use our information. Many companies draft privacy policies that provide few protections and are often unread.”
O’Connor similarly made the case that the current regulatory environment leaves a significant amount of consumers’ personal information unprotected, including some highly sensitive or intimate data and data inferences—such as inferring a medical condition based on a person’s non-medical purchase history.
“Our current legal structure on personal data simply does not reflect the reality that the internet and connected services and devices have been seamlessly integrated into every facet of our society,” she testified. “Our schools, workplaces, homes, automobiles and personal devices regularly create and collect and, increasingly, infer, intimate information about us. Everywhere we go, in the real world or online, we leave a trail of digital breadcrumbs that reveal who we know, what we believe, and how we behave. Overwhelmingly, this data falls in the gaps between regulated sectors.”