Lawmakers want answers from Facebook on privacy of 'closed' health groups
House Democrats are pressing Facebook on the privacy protections it has in place for people who share sensitive health information in forums for group discussion on the site.
House Energy and Commerce Chair Frank Pallone, D-N.J., and Rep. Jan Schakowsky, D-Ill., sent a letter to Mark Zuckerberg on Tuesday asking him for a staff briefing about whether Facebook is "misleading" users about the nature of "closed groups." These groups are listed publicly but only allow invited or approved social media users to see discussions inside the forum.
The lawmakers are concerned about health information people may have shared in closed groups that are labeled as "anonymous" - implying a certain level of privacy in spaces devoted to discussing deeply personal issues, such as substance abuse or sexual assault.
"Despite the indications that the groups were private and anonymous, people and companies who should not have been admitted to these groups gained access to them and to lists of group members," the lawmakers wrote. "People used the member lists and other information from these groups to target and harass members of the groups." Pallone and Schakowsky, who chairs the Subcommittee on Consumer Protection and Commerce, also said that insurance companies that gain access to this data could use it in making decisions about offerings.
So much of the privacy debate focuses on what data the companies seek to collect from users. But these lawmakers are spotlighting just how much sensitive data - including medical details - social media companies have on their platforms that's freely offered up by users themselves. Determining the right kind of protection for this kind of data could be a particularly tough challenge for lawmakers as they work toward crafting privacy legislation this Congress.
Meg Marshall, an executive at health information technology company Cerner, tweeted: "If you aren't paying attention to this, you're going to miss a major policy movement of the next 18 months."
In the letter, lawmakers signaled that Facebook needs to be more transparent with users, especially about who can access deeply personal information they post online.
"Labeling these groups as closed or anonymous potentially misled Facebook users into joining these groups and revealing more personal information than they otherwise would have," the lawmakers wrote. "And Facebook may have failed to properly notify group members that their personal health information may have been accessed by health insurance companies and online bullies, among others."
Pallone and Schakowsky sent the letter to Facebook in response to a complaint filed to the Federal Trade Commission, which was first published this week. The complaint, initially filed in December, says Facebook "deceptively solicited" patients to use its Groups feature to discuss health issues. The security researcher and health advocates who filed the complaint say Facebook has marketed this product as a "personal health record."
The privacy concerns surrounding Facebook's health-related Groups first got attention over the summer, when CNBC reported Facebook closed a loophole that allowed third parties to discover the names of members in closed groups. Before the change, the leader of a private group for women with BRCA, a gene mutation that indicates a higher likelihood of breast cancer, discovered that marketers had been using a web extension to siphon off group members' names and other personal information. Facebook said at the time that the change was not a result of that group's complaints.
Facebook defended itself Tuesday night, making the case that users know what they're signing up for when they join groups.
"Facebook is not an anonymous platform; real-name identity is at the center of the experience and always has been," the company said in a statement. "It's intentionally clear to people that when they join any group on Facebook, other members of that group can see that they are a part of that community, and can see the posts they choose to share with that community. There is value in being able to know who you're having a conversation with in a group, and we look forward to briefing the committee on this."
The issue of storing sensitive data could only become bigger as Big Tech eyes business opportunities in health and wellness. Companies such as Amazon and Google are increasingly investing in services ranging from a digital pharmacy to fitness tracking. But as the companies face a wide range of questions about their existing privacy practices, these new services could open a Pandora's box of new issues.
Facebook itself was exploring a broader push into health care, and it even pursued data-sharing partnerships with top medical groups and hospitals, according to a report last year from CNBC. However it backed off those plans last year in the fallout of other privacy controversies, saying that it needed to "focus on other important work, including doing a better job of protecting people's data and being clearer with them about how that data is used in our products and services."
Facebook is facing mounting scrutiny for a range of privacy controversies. Currently the company is in early negotiations with the FTC for a multibillion dollar fine following the Cambridge Analytica scandal, in which a political consultancy collected sensitive data about Facebook users without their consent. Any settlement the company reaches will likely come with a new order that could require the company to submit to more regular privacy checkups.