Big Tech’s latest moves raise health privacy fears
We’ll send you a myFT Daily Digest email rounding up the latest Data protection news every morning.
“Alexa, are my antidepressants arriving today?”
Such queries may become commonplace following Amazon’s decision to sell prescription medicine in the US, but they also raise broader questions over privacy and human rights.
Amazon Pharmacy’s promise of 80 per cent discounts suggests that the US retailer sees opportunities not in realising immediate profits, but in extracting a more valuable resource: data about the most intimate details of our lives.
Five centuries ago, the land and resources of the “New World” were seized by colonial powers, transforming the global economy and changing the lives of local populations. Today a new land-grab is under way: the medium is personal data and the target is the economic value extracted from it.
Health data has been described as an “open frontier” that tech companies are positioning themselves to exploit. The opportunity goes beyond the health information that should be protected by doctor-patient confidentiality. More vulnerable is health-related data gathered outside the doctor-patient relationship via training and fitness devices as well as features in digital personal assistants — such as Amazon’s Echo smart speaker.
The argument that health data needs protection is clear. Any commercialisation of personal data — even data provided by the users themselves — needs to first address confidentiality and intended purpose.
Take the craze for fitness self-tracking. When the US Federal Trade Commission tested 12 apps and two wearable devices in 2014, it found that they transmitted data to no fewer than 76 undisclosed third parties. No wonder Google was willing to pay $2.1bn for Fitbit in November 2019.
Concerns have also been raised about the privacy terms of the third-party apps that tech groups integrate into their home personal assistant devices and mobile phone interfaces, often to gather health-related data. The way in which these systems collect data is not always apparent to users, as illustrated in the cases revealed last year of various menstruation apps that were sharing information about women’s sexual lives with Facebook. This sharing was sometimes initiated even before the user agreed to the app’s privacy terms.
These examples are just the beginning of a transformation in which health data is acquiring new power to influence and control society. In response, society must, via its regulators, examine the unintended side-effects of allowing a free market for data.
Personal health data can be very beneficial to institutions that profit from differentiating between individuals. People may become vulnerable to emerging networks of employers, insurers, data brokers and even governments that stand to benefit from information that identifies their risks.
Consider one decision-making algorithm used by US hospitals and insurance companies to determine which patients receive additional medical care. The algorithm was used to manage the care of 200m people, but researchers found it discriminated against black people.
The same population who were marginalised in historic colonialism appear to pay the heaviest price under this new data colonialism. The health data sector risks perpetuating a power imbalance that must be recalibrated in the interests of individual and societal justice.
Globally, it is clear most corporate controllers of health data are based in just a few developed countries, with data protection standards often a required component of international trade deals. Low and middle-income countries will find it difficult to renegotiate terms of trade for health data flows with such powerful groups.
How can a new approach to health data be forged? We could start with the principle that no data relating to an individual’s health should be gathered, stored or processed without that person’s explicit, continuing and effective consent. For that protection to be meaningful, transparency of health data use is vital, alongside the default assumption that individuals have not given effective consent to particular uses, unless consent can clearly be established.
If this sounds like fantasy, remember that Estonia has already instituted most of these protections, at least for regulated health data. Its institutions are not easily replicated, but the country’s approach can serve as a model.
Submit the care of health and health-related data to social and civic control, and we can ask the right questions about when and how we want as societies to pool our health data.
If we are alert to the dangers of letting data colonialism go unchecked in the health sector, then we can start to put individual and social need above private profit. Ignore those dangers, and we risk health’s open frontier becoming a New World of exploitation, whose inequalities will have consequences for centuries to come.
Nick Couldry and Ulises Ali Mejias are co-authors of ‘The Costs of Connection: How Data Is Colonizing Human Life and Appropriating It for Capitalism’ (Stanford University Press)
Get alerts on Data protection when a new story is published