User Privacy / INTER-CONNECTEDNESS OF AD ECOSYSTEM: Third-Party Tools Grab Personal Medical Information

EYES OPEN: The vast majority of users, of course, click through terms of service and privacy policies without actually reading them.

But the researchers say that this is all the more reason to shed light on how digital ad targeting, lead generation, and cross-site tracking can erode user privacy. 

Health sites let ads track visitors without telling them

Third-party tools grab personal information from medical, genetic-testing company sites.

Image Credit: Aurich Lawson / Ars Technica

Lily Hay Newman, wired.com -

Ars Technica | 2/7/2022, 3:23 

 

" All too often, digital ads wind up improperly targeting the most vulnerable people online, including abuse victims and kids. Add to that list the customers of several digital-medicine and genetic-testing companies, whose sites used ad-tracking tools that could have exposed information about people's health status. .

In a recent study from researchers at Duke University and the patient privacy-focused group the Light Collective, 10 patient advocates who are active in the hereditary cancer community and cancer support groups on Facebook—including three who are Facebook group admins—downloaded and analyzed their data from the platform's "Off Facebook Activity" feature in September and October. The tool shows what information third parties are sharing with Facebook and its parent company Meta about your activity on other apps and websites. Along with the retail and media sites that typically show up in these reports, the researchers found that several genetic-testing and digital-medicine companies had shared customer information with the social media giant for ad targeting.

Further analysis of those websites—using tracker identification tools like the Electronic Frontier Foundation's Privacy Badger and The Markup's Blacklight—revealed which ad tech modules the companies had embedded on their sites. . .

"My reaction was shock at realizing the big missing pieces in these policies," says Andrea Downing, a co-author of the study, independent security researcher, and president of the Light Collective. "And when we talked to some of these companies it really seemed like they just didn't fully understand the ad tech they were using. So this needs to be an awakening. . ."

[...] "The question in this experiment was 'Can patients believe the terms and conditions they agree to on health-related sites? And if they can't, do the companies even know that they can't?'" Perakslis says. "And many of the companies we looked at aren't HIPAA-covered entities, so this health-related data exists in an almost wholly unregulated space. Research has consistently shown that the flow of such information for advertising can disproportionately harm vulnerable populations."

The vast majority of users, of course, click through terms of service and privacy policies without actually reading them. But the researchers say that this is all the more reason to shed light on how digital ad targeting, lead generation, and cross-site tracking can erode user privacy. . ."

READ MORE: https://arstechnica.com/information-technology/2022/02/health-sites-let-ads-track-visitors-without-telling-them/