Because The U.S. Is Too Corrupt To Pass Privacy Legislation, Data Brokers Increasingly Traffic In Sensitive Mental Health Data
from the have-you-ever-noticed-that-making-money-is-the-only-thing-we-actually-care-about dept
We’ve noted for a long while that the performative hysteria surrounding TikTok is basically a giant distraction from our failures on consumer protection and privacy legislation.
Case in point: the growing number of mental health apps that routinely collect and monetize sensitive consumer mental health data, yet fail to meaningfully protect the data they collect. Mozilla, for example, last May found that most mental health apps have abysmal privacy and security standards, and often sell access to this data to a wide variety of dodgy data brokers and middlemen (including governments).
This week the Washington Post unsurprisingly found that a long line of data brokers traffic in sensitive user mental health data thanks to pandemic-era rise of telehealth and therapy apps, including the addresses of those diagnosed with depression, anxiety, post-traumatic stress or bipolar disorder:
After contacting data brokers to ask what kinds of mental health information she could buy, researcher Joanne Kim reported that she ultimately found 11 companies willing to sell bundles of data that included information on what antidepressants people were taking, whether they struggled with insomnia or attention issues, and details on other medical ailments, including Alzheimer’s disease or bladder-control difficulties.
It’s telling that this story didn’t even bother to include the usual industry defense about how this isn’t a big deal because this data is “anonymized,” a term data scientists have found to be meaningless.
This whole mess is, of course, a direct result of our failure to pass even basic privacy legislation for the internet era; legislation that includes meaningful accountability for corporations and executives who play fast and loose with sensitive U.S. consumer data, and adequate enforcement funding for historically understaffed privacy regulators at the FTC.
While the FTC did recently fine GoodRX for the unauthorized sharing of consumer health data, the agency lacks the staff or funding to go after bad actors at the scale they’re now operating. Even in the wake of Roe’s overturn, and the resulting concerns about the dangers of this data being abused by activists and vigilantes, interest in meaningful reform has proven to be tepid at best.
There’s simply too much money to be made.
Instead, we’ve watched as the same policymakers that created this oversight-optional data hoovering hellscape focus the entirety of their political attention hyperventilating about a single app: TikTok. Either ignoring or oblivious to the fact that the entirety of the unaccountable wild west they created can also be exploited by the Chinese intelligence agencies they pretend to be so concerned about.
Filed Under: chinese, consumer protection, data brokers, ftc, mental health data, privacy, privacy legislation, privacy reform, surveillance, tiktok
Comments on “Because The U.S. Is Too Corrupt To Pass Privacy Legislation, Data Brokers Increasingly Traffic In Sensitive Mental Health Data”
“There’s simply too much money to be made.”
Many do not realize how expensive it is to make money.
Well he bought data and targeted Congress once before, lets go for their health and meds…
Until things affect them, they do not care and half the time even then they don’t care.
But on the upside lets find out how many of them have Alzheimers and other worrying conditions.
Re:
Yup. This story talks about “our failure to pass even basic privacy legislation for the internet era”, and I’m not sure what those last 4 words are meant to mean. Sure, it’s easier to invade privacy and collect data now, but it was still important to protect privacy before the internet became popular. The Video Privacy Protection Act was passed in 1988, after people did pretty much what you said: released the video rental records of Supreme Court nominee Robert Bork (which turned out to be entirely mundane, but I guess the people in Congress had more “interesting” rental histories they didn’t want known). Phone bills, too, would’ve been an obvious privacy concern long ago—not quite at Europe’s level, since local calls were not historically tracked in North America, and maybe that’s why no relevant laws were ever passed.
HIPAA was passed in 1996, when few people were online… and wouldn’t that apply to prescription and mental health records already? Wikipedia says the minimum HIPAA fine due to neglect is $10,000 per violation, $1.5 million maximum annually; and if there’s an “intent to sell, transfer, or use individually identifiable health information for commercial advantage” (kind of the definition of data brokers), that’s up to a $250,000 fine and 10 years of prison. Increase those fines to reasonable levels and the enforcement agencies could fund themselves with no more tax revenue; start putting people in prison and things might actually improve.
Re: Re:
HIPAA only applies to certain entities though, and an app developer isn’t one of them.
This comment has been flagged by the community. Click here to show it.
Re:
If they acquire the Joe Biden medical health records, the executive branch will magically discover the funding to crackdown on the industry within a week.
Re: Re:
Biden is more there than his predecessor who kept bragging about how hard a basic cognitive test he passed was. What happened to the obese, mentally challenged Trump that made him get a cognitive test?
And I’d love to see Trump try to ride a bike since he has trouble with ramps and stairs.
This comment has been flagged by the community. Click here to show it.
Another example of why new domestic digital infrastructure is a better foundation in the 21st century.
All healthcare data should be kept on domestic infrastructure and not on a global network anyways.
We saw the same stories of utilities being attacked and compromised, which would be better suited on domestic infrastructure as well.
The solution is already obvious in the 1st world. New digital infrastructure is worth every penny.
Re:
Changing the digital infrastructure will not stop the predatory practices of companies that can gather user data via their internet portals.
Re: Re:
Yes it will. When we have dozens of networks, there will be unique opportunities and options on each. It just like TV channel choices except with data.
With the innovation being so good in the 21st century, divide and prosper makes a lot of sense.
Not all data networks have to cater to a population of > 5 billion, hence the disarray.
Re: Re: Re:
With fragmentation of knowledge, and people being om more than one because they have friends and interests that need different networks; or are you proposing something worse, and that is geographically limited networks? The latter makes it much easier for politicians to stir up animosity against external enemies.
Re: Re:
Actually new infrastructure has always been the catylst for innovation.
If health networks were on a domestic digital network, network scanning could be seen as snooping and prohibited. Most of the security woes are mitigated by design with new infrastructure that can be enforced.
Did you observe how most domains/sites now are dot coms even with .org, .net, etc? That means commerce. New digital networks provide an easy way to segment technology. Some things are for the pleasure of it.
Data networks are a different place when the population is mainly individuals, just as the ISH was. That will be easy to see with new digital infrastructure. And it stokes competition with quality of data.
FOMO makes new infrastructure even better. Take note of who would be against it 🙂
Re:
Here is another example of healthcare needing to be on domestic networks.
https://www.bleepingcomputer.com/news/security/healthcare-giant-chs-reports-first-data-breach-in-goanywhere-hacks/
New digital infrastructure mitigates so many security problems since it is only accessible to the customers that need it. Regional networks facilitate even more services that a global network cannot support (infrastructure and new protocols are easy to build).
Telehealth will flourish on domestic infrastructure as well. You have the option of office appointments, remote consultations or both. The data and network are much more secure and consistent service is provided as well.
‘Because The U.S. Is Too Corrupt To Pass Privacy Legislation’
this could be narrowed to add in, after ‘The U.S.’, the word ‘Government’! we know who/what is being spoken about here, so just make it clear!
This comment has been flagged by the community. Click here to show it.
thanks for sharing it is very helpful for me and also informative for all those users who will come to read.
Also, I’m sure the government itself benefits greatly from having all this private info it can access.
Entertaining Maybe.
I mentioned long ago, about watching notices for servers being hacked.
And that there had been a Long list of hospitals and Clinics, reporting being hacked.
At most all you would need is the original programs to read the files, and they are available for Purchase, easily gotten.
How many clinics think they are a target? And have even LOW protection on the files and server.
The Hospital gives me Internet Access to all my files. How much protect is there? How much money is there to EARN by the corp that Owns the hospital?
There is no longer any privacy in this country. I wont go into the CC corps, and IF’ they may have hiddne Any break in’s, as we already know they SELL THE DATA.
Just us ethat data to embarass a politician!
Somebody needs to grow some balls and publish the fucking information for a bunch of politicians so we can watch how fast they do something about it! That’s what pissed me off with that John Oliver thing where he all all the data on people in DC but never did jack shit with it.
Re:
government would just go after the leaker! nevermind the law! that wont change…..
Re: Youtube
Go on YT, and declare you are taking all the politicians email accounts and submitting them to every service on the net, internationally.
Do you think there will NOT be a knock on your door?
Now that there really is a shadowy group following my every move with malign intent, am I no longer paranoid?
What’s up with all the spammy spam spam?
Spam as a marketing strategy is a fools errand.
Thanks for social bookmarking websites list. Really it gonna help many freshers to bookmark their websites/posts, etc. it has various advantages as mentioned above but most importantly it has the main advantage to bloggers, free social bookmarking websites will help them fetch traffic to their websites. When anyone submits any link to any famous bookmarking website, it gets tonnes of free attention and traffic.
https://www.bangzfamilysalon.com/