In today’s digital age, health applications and websites have become increasingly prevalent, offering users the ability to monitor various aspects of their well-being, from physical activity to medication schedules. These platforms often request personal and sensitive health information, raising critical questions about data privacy and security. But what happens when these platforms misuse or improperly share your data?
The Federal Trade Commission (FTC) recently took action against GoodRx, a prominent digital health platform known for virtual doctor visits and prescription drug coupons, alleging that the company violated user trust regarding the handling and sharing of personal health information.
According to the FTC complaint, GoodRx engaged in deceptive practices by sharing users’ health data, including specific health conditions and prescription medications, with digital advertising giants like Facebook and Google without obtaining user consent. This practice directly contradicted GoodRx’s privacy policy statements. Worse still, this sensitive information was then utilized to target GoodRx users with health-related advertisements on their social media feeds. The data shared encompassed highly personal details such as prescription medications for erectile dysfunction and treatments for sexually transmitted diseases. Crucially, GoodRx failed to inform its users about this data sharing.
As a consequence of these actions, GoodRx reached a settlement with the FTC, agreeing to pay a $1.5 million penalty. The settlement terms also impose restrictions on GoodRx’s data sharing practices, prohibiting the company from sharing health data with third parties for advertising purposes without explicit user permission. For any other data sharing with third parties, GoodRx is now mandated to obtain verifiable user consent.
While health applications offer undeniable benefits and convenience, the GoodRx case serves as a stark reminder that this convenience can come at a cost. As highlighted by this and other FTC cases [https://www.ftc.gov/legal-library/browse/cases-proceedings?sort_by=field_date&field_mission%5B29%5D=29&field_consumer_protection_topics=2281], entrusting personal health information to digital platforms involves inherent risks if companies fail to uphold their privacy commitments. Companies may create detailed profiles of users and share sensitive data with external entities. Once personal information loses its privacy, it becomes exceedingly difficult, if not impossible, to control its dissemination and prevent potential misuse.
To safeguard your privacy in the digital health landscape, consider these proactive measures:
-
Opt out of targeted advertising whenever possible. Privacy policies, while often dense, are crucial documents that outline how a company handles user data. Scrutinize these policies to understand data sharing practices, particularly concerning targeted advertising. Determine if you have control over whether ads are personalized based on your app usage and online activity. Utilize opt-out tools provided by organizations like the Digital Advertising Alliance and the Network Advertising Initiative. Remember to apply opt-out preferences on each device and browser you use.
-
Customize your privacy settings. Explore the privacy settings within health applications to limit data access. Review app permissions to ensure they only access necessary information. Assess location tracking permissions; if location data is not essential for the app’s functionality, disable it. If location access is required, consider restricting it to “only while using the app.”
-
Inquire about your data deletion rights. Certain state laws grant consumers the right to request data deletion from companies. Consult the U.S. State Privacy Legislation Tracker from the International Association of Privacy Professionals for detailed information on state-specific privacy regulations.
For comprehensive guidance on online privacy protection, refer to the FTC’s guide to protecting your privacy online. By taking informed and proactive steps, you can navigate the digital health space more securely and mitigate potential privacy risks.
