Because The U.S. Is Too Corrupt To Pass Privacy Legislation, Data Brokers Increasingly Traffic In Sensitive Mental Health Data

from the have-you-ever-noticed-that-making-money-is-the-only-thing-we-actually-care-about dept

We’ve noted for a long while that the performative hysteria surrounding TikTok is basically a giant distraction from our failures on consumer protection and privacy legislation.

Case in point: the growing number of mental health apps that routinely collect and monetize sensitive consumer mental health data, yet fail to meaningfully protect the data they collect. Mozilla, for example, last May found that most mental health apps have abysmal privacy and security standards, and often sell access to this data to a wide variety of dodgy data brokers and middlemen (including governments).

This week the Washington Post unsurprisingly found that a long line of data brokers traffic in sensitive user mental health data thanks to pandemic-era rise of telehealth and therapy apps, including the addresses of those diagnosed with depression, anxiety, post-traumatic stress or bipolar disorder:

After contacting data brokers to ask what kinds of mental health information she could buy, researcher Joanne Kim reported that she ultimately found 11 companies willing to sell bundles of data that included information on what antidepressants people were taking, whether they struggled with insomnia or attention issues, and details on other medical ailments, including Alzheimer’s disease or bladder-control difficulties.

It’s telling that this story didn’t even bother to include the usual industry defense about how this isn’t a big deal because this data is “anonymized,” a term data scientists have found to be meaningless.

This whole mess is, of course, a direct result of our failure to pass even basic privacy legislation for the internet era; legislation that includes meaningful accountability for corporations and executives who play fast and loose with sensitive U.S. consumer data, and adequate enforcement funding for historically understaffed privacy regulators at the FTC.

While the FTC did recently fine GoodRX for the unauthorized sharing of consumer health data, the agency lacks the staff or funding to go after bad actors at the scale they’re now operating. Even in the wake of Roe’s overturn, and the resulting concerns about the dangers of this data being abused by activists and vigilantes, interest in meaningful reform has proven to be tepid at best.

There’s simply too much money to be made.

Instead, we’ve watched as the same policymakers that created this oversight-optional data hoovering hellscape focus the entirety of their political attention hyperventilating about a single app: TikTok. Either ignoring or oblivious to the fact that the entirety of the unaccountable wild west they created can also be exploited by the Chinese intelligence agencies they pretend to be so concerned about.

Filed Under: , , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Because The U.S. Is Too Corrupt To Pass Privacy Legislation, Data Brokers Increasingly Traffic In Sensitive Mental Health Data”

Subscribe: RSS Leave a comment
This comment has been deemed insightful by the community.
That Anonymous Coward (profile) says:

Well he bought data and targeted Congress once before, lets go for their health and meds…

Until things affect them, they do not care and half the time even then they don’t care.

But on the upside lets find out how many of them have Alzheimers and other worrying conditions.

Anonymous Coward says:


lets go for their health and meds…

Yup. This story talks about “our failure to pass even basic privacy legislation for the internet era”, and I’m not sure what those last 4 words are meant to mean. Sure, it’s easier to invade privacy and collect data now, but it was still important to protect privacy before the internet became popular. The Video Privacy Protection Act was passed in 1988, after people did pretty much what you said: released the video rental records of Supreme Court nominee Robert Bork (which turned out to be entirely mundane, but I guess the people in Congress had more “interesting” rental histories they didn’t want known). Phone bills, too, would’ve been an obvious privacy concern long ago—not quite at Europe’s level, since local calls were not historically tracked in North America, and maybe that’s why no relevant laws were ever passed.

HIPAA was passed in 1996, when few people were online… and wouldn’t that apply to prescription and mental health records already? Wikipedia says the minimum HIPAA fine due to neglect is $10,000 per violation, $1.5 million maximum annually; and if there’s an “intent to sell, transfer, or use individually identifiable health information for commercial advantage” (kind of the definition of data brokers), that’s up to a $250,000 fine and 10 years of prison. Increase those fines to reasonable levels and the enforcement agencies could fund themselves with no more tax revenue; start putting people in prison and things might actually improve.

This comment has been flagged by the community. Click here to show it.

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

Another example of why new domestic digital infrastructure is a better foundation in the 21st century.

All healthcare data should be kept on domestic infrastructure and not on a global network anyways.

We saw the same stories of utilities being attacked and compromised, which would be better suited on domestic infrastructure as well.

The solution is already obvious in the 1st world. New digital infrastructure is worth every penny.

Anonymous Coward says:

Re: Re:

Yes it will. When we have dozens of networks, there will be unique opportunities and options on each. It just like TV channel choices except with data.

With the innovation being so good in the 21st century, divide and prosper makes a lot of sense.

Not all data networks have to cater to a population of > 5 billion, hence the disarray.

Anonymous Coward says:

Re: Re:

Actually new infrastructure has always been the catylst for innovation.

If health networks were on a domestic digital network, network scanning could be seen as snooping and prohibited. Most of the security woes are mitigated by design with new infrastructure that can be enforced.

Did you observe how most domains/sites now are dot coms even with .org, .net, etc? That means commerce. New digital networks provide an easy way to segment technology. Some things are for the pleasure of it.

Data networks are a different place when the population is mainly individuals, just as the ISH was. That will be easy to see with new digital infrastructure. And it stokes competition with quality of data.

FOMO makes new infrastructure even better. Take note of who would be against it 🙂

Anonymous Coward says:


Here is another example of healthcare needing to be on domestic networks.

New digital infrastructure mitigates so many security problems since it is only accessible to the customers that need it. Regional networks facilitate even more services that a global network cannot support (infrastructure and new protocols are easy to build).

Telehealth will flourish on domestic infrastructure as well. You have the option of office appointments, remote consultations or both. The data and network are much more secure and consistent service is provided as well.

This comment has been flagged by the community. Click here to show it.

ECA (profile) says:

Entertaining Maybe.

I mentioned long ago, about watching notices for servers being hacked.
And that there had been a Long list of hospitals and Clinics, reporting being hacked.

At most all you would need is the original programs to read the files, and they are available for Purchase, easily gotten.
How many clinics think they are a target? And have even LOW protection on the files and server.
The Hospital gives me Internet Access to all my files. How much protect is there? How much money is there to EARN by the corp that Owns the hospital?

There is no longer any privacy in this country. I wont go into the CC corps, and IF’ they may have hiddne Any break in’s, as we already know they SELL THE DATA.

Bangzfamilysalon (user link) says:

Thanks for social bookmarking websites list. Really it gonna help many freshers to bookmark their websites/posts, etc. it has various advantages as mentioned above but most importantly it has the main advantage to bloggers, free social bookmarking websites will help them fetch traffic to their websites. When anyone submits any link to any famous bookmarking website, it gets tonnes of free attention and traffic.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...