You are a target: Medical data and ads

Building on the shoulders of Cambridge Analytica scandal, a new threat is emerging in the global digital economy — data brokers. These companies are gathering, packaging and reselling the existing data in several of the databases.

You might not even know it, but the data you enter in your Facebook profile can easily be combined with data you added to your Twitter account and then get sold off to an advertiser.

These profiles come not just from data you’ve shared, but from data shared by others, and from data that’s been inferred. In its 2014 industry report, the US Federal Trade Commission (FTC) showed how a single data broker had 3,000 “data segments” for nearly every US consumer (source).

Big data is big business

In the US healthcare sector, these practices are happening as we speak with joint ventures by ad companies and pharma data companies which hope for a break in a world of personalized devices which offer a unique entry point into your world. What is even more problematic is that companies like

Facebook are now getting around the HIPAA protocols at identifying patients with certain diseases, demographic or social status — all based on the data that is being shared online.

Because of Cambridge Analytica, Facebook pressed pause on its medical data experiment.

Facebook had asked hospitals to share anonymized data about the condition and prescriptions of their patients for a research project, according to a CNBC report.

However, the story goes on to say the project never went past the planning stages after the Cambridge Analytica scandal highlighted public concerns over the integrity of users’ information. “This work has not progressed past the planning phase, and we have not received, shared or analyzed anyone’s data,” a Facebook spokesperson told CNBC (source).

While the Facebook project is put on hold, data is getting shared left and right by other parties. Grindr got caught sharing its users HIV status recently. Norwegian nonprofit research group Sintef uncovered Grindr’s data sharing with two companies — Apptimize and Localytics — and concern spread in the US after BuzzFeed reported the findings. The Los Angeles-based dating company then announced it would stop sharing users’ HIV status with third-party companies, BuzzFeed reported(source).

Legal frameworks are playing catch-up

The regulatory frameworks are always late to the party. For the GDPR to come to fruition, we had to endure through the Snowden revelations and the Max Schrems lawsuit against Google.

Why is GDPR necessary? Quite simply because old policies have been overtaken by the speed and breadth of the digital revolution, and nowhere more so than in the area of cybersecurity. There has been a worrying lag between policymakers’ understanding of cybersecurity and the pragmatic reality of new threats facilitated by the digital revolution and its paperless structure (source).

It is safe to say that whatever personal data nightmare awaits us after the implementation of GDPR the legal frameworks will be adapted only after the data mishandling will be known to the general public.

Business leaders and policymakers must work together to address these common challenges, particularly as we seek to maintain a balance between free speech and the openness that has made the internet flourish, with the critical need to ensure safety, effectiveness and credibility of online services (source).

User: Owner or slave?

Currently, the user is left on its own when it comes to data brokers and privacy online. Even when faced with public revelation like Cambridge Analytica, the omnipresence of these digital giants means that the user cannot simply boycott them and be done with it.

What is even more frustrating with medical data is that we cannot prevent the doctors gathering our data because that could mean that our treatment would not as successful as it is when our doctors have all of our data available to them.

At the same time, aforementioned examples of data reselling show that we need to do better at data ownership and protection. This is where Iryo comes into play.

Iryo network: Own your data

Iryo network offers a unique way of decentralised e-health data storage, supported with zero knowledge and openEHR standards. It combines the benefits of a regular digital e-health records approach with the addition of blockchain technology being used a permission tool.

This allows the patient to control their own data while at the same time still offer user-friendly experience when visiting the doctor’s office.

At the same time, Iryo is solving one of the biggest challenges of current data economy landscape — how to still conduct business without being worried about data floating around the cyberspace without the user’s consent.