This is why privacy matters in digital health — Episode 3

healthbank
Sep 28, 2018

In part two of my blog post series I discussed how people voluntarily share sensitive health information in a public network like the Strava Fitness App, which in turn uses data — sometimes with an inexplicit consent — for a purpose that most users are not even aware of. This case highlighted that this information might even be traced back to people, e.g. by cross-referencing their data with social media.

Now one could argue that it’s “just fitness data”. But what if the same principle applies to highly sensitive and personal health data, like the following Grindr “HIV status” case?

Sharing HIV status of thousands anonymously, even though the users did not give ANY consent to do so, and then being able to trace back to the user by cross-referencing their data with social media and geo-location data, would put them in a very uncomfortable, dangerous and potentially even life-threatening situation. Not to mention that this is highly unethical from my point of view. And here we are:

  1. The Grindr HIV status case

(source: https://www.washingtonpost.com/news/to-your-health/wp/2018/04/03/grindr-says-it-will-stop-sharing-users-hiv-data-with-third-party-firms-amid-backlash/?noredirect=on&utm_term=.fcd048ab83ca )

This particular case shows the vulnerability of highly sensitive and personal health data impressively: Grindr, a popular dating app used by gay, bi, trans and queer users that has 3.6 million daily active users worldwide, has been providing the users’ HIV status and “last tested date” (information that Grindr users choose to include in their profiles) to two analytics companies.

One could now ask why users put their HIV status in this app to begin with — but that’s not the point here. Having this information in the app might make sense as it increases the trust between the users if they decide to share the status with others.

The point here is, however, that this information should never leave the social network’s systems without an explicit and well-informed consent by the user, even if all data was anonymized. And this simply didn’t happen.

Of course, Grindr’s CTO Scott Chen stated that all information shared was heavily encrypted and that, with the analytics companies, there are strict contractual terms as well as data retention policies in place to further protect the users’ privacy from disclosure.

However, there was disclosure to some extent, as the Washington Post article stated clearly: “{the} report included findings by the Norwegian nonprofit SINTEF, which said that users’ HIV data were being shared along with their GPS location and other identifying information, such as sexuality, relationship status, ethnicity and phone IDs to third-party advertising companies.”

And here come my data privacy concerns: very personal health information like HIV status or something similar should never be shared by companies managing those data on behalf of the users. This data is highly sensitive information and can damage the life of people severely.

Or as the Washington Post states: “In a piece in the Guardian, British columnist and book author Owen Jones called the data-sharing an act of betrayal. ‘It may be a commercial app, but as an LGBTQ app Grindr has responsibilities to the wider communities. That does not include sharing something as profoundly personal (and still stigmatized) as HIV status,’ Jones wrote. ‘If people wish to be open about their status on Grindr, that should be applauded and celebrated. Having an app that wraps itself in the rainbow flag passing on that status to third parties without their consent is a betrayal.’”

Summary: why privacy matters in digital health

As mentioned in the introduction of the first blog post, many people might ask “Who am I that people or companies might be interested in my very own personal data?” whilst using social networks, apps and services.

The cases highlighted in all three episodes of this blog series show impressively that digital health is so much more than an electronic version of your patient record at the dentist or an electronic medication plan. They also show that there are companies and services out there that are interested in every single data set available. And this data very easily contains highly sensitive health information and needs to be treated as such.

Let me be clear here: fitness data is sensitive health information. Facebook data may be highly sensitive information. Your HIV status surely is highly sensitive information. And every single person is interesting for advertising companies.

Because: the more information they have about a person, the better they can channel their advertisement towards this person. It’s as simple as that.

And that’s okay! As long as the person affected a) knows about it, b) gives consent to it and c) is capable of understanding what this consent actually means.

Then — and only then — we can speak of data privacy in digital health. And at least to me, privacy really matters.
