Health privacy is priceless
Your health data is being watched. Your smartphone, your FitBit or Apple Watch, your running app, that “smart” scale, all of these devices and programs can log information about your body, ranging from weight and heart rate to your bodyfat percentage and bone density. While we have more information than ever about our unique physical properties and how to improve our own health, this level of information collection comes with a potential hazard: data sharing.
Currently, most health and fitness tracking apps are not subject to the health privacy act known by its acronym HIPAA, according to federal Health and Human Services guidelines. That means that sharing sensitive health information isn’t necessarily illegal.
Enter Flo Fertility Tracking, which follows women’s reproductive cycles at the touch of a button. The app launched in 2016 and quickly amassed more than 100 million users.
Despite promising that it wouldn’t share sensitive information with third parties, The Wall Street Journal has reported that Flo had been sharing information such as period dates and pregnancy plans with third parties like Google and Facebook for the purpose of better targeting online advertisements.
This is a privacy breach that demands consequences.
The Federal Trade Commission has announced a settlement with Flo that requires the company to review its privacy practices, obtain user consent before sharing health information, notify users of unauthorized disclosure of the information and require that any third parties in possession of such information erase it.
This is a toothless settlement. There should be steep financial penalties for companies that breach privacy, particularly regarding health data. The Flo settlement could have been used to send a message to Silicon Valley that the government values privacy. This settlement amounts to a slap on the wrist.
As these apps proliferate, the FTC should clarify what information and which apps fall under HIPAA’s provisions and enact more aggressive punitive actions for companies that violate the law and their promises to consumers.
Data companies’ sharing of information translates to a prospective revenue stream from advertisers and, if this revenue stream dries up, the companies may pass on to consumers higher prices for their technology. So be it. Privacy is priceless. These apps and devices, though useful, are not necessities and can be forgone if they are too expensive.
Flo violated its own privacy policy by sharing user data and stopped only when caught. Privacy is becoming increasingly difficult to maintain in the digital age, with everyone’s digital footprint growing with every website visited. It has an Orwellian smack and should send a shiver down the spine of every American.
Consumers must be vigilant with their data, valuing privacy over convenience.