Tina D Purnat

Public health

Health misinformation

Infodemic management

Digital and health policy

Health information and informatics

Tina D Purnat
Tina D Purnat
Tina D Purnat
Tina D Purnat
Tina D Purnat
Tina D Purnat
Tina D Purnat

Public health

Health misinformation

Infodemic management

Digital and health policy

Health information and informatics

Blog Post

Information ecosystem disrupting health, Ex #4: Trace data from user activity on health web sites and apps is used for targeted ads and profiling

Gone are the days of clearing your browser cookies would be sufficient to protect you from tracking and online ads.

I’m continuing with discussing examples of how the information environment uniquely affects public health problems. They are based on my recent talk where I spoke about information environment effects, #trust building and #demand promotion in health, which will also be available as a recording on the CAPHIA Vimeo channel.

This is example #4 (here’s examples one, two and three), and it deals with how our trust in data and our relationship with data privacy impacts how personalized our information ecosystem is for us in health.

Health and the meaning and value of data privacy in the information environment

The internet business has been built on targeting ads at internet users (see also Social media distorts reality).

We are provided “free” access to websites, platforms, tools, and apps, and in turn, we hand over all our activity data to the platform operators—to sell targeted advertising services to marketers and to sell the trace data further to ad data brokers to be collated, sold and resold.

In short: if a product on the internet is free to use, then YOU are the product.

User activity tracking online and the case of health

In the olden days of internet, we were taught to erase cookies from our browsers to prevent tracking of our activity online.

Nowadays, a user’s activity online is tracked based on their unique device ID, and the massive amount of trace data makes it possible to identify which of these devices belong to the same person.

And not to be underestimated, the tracing technology that is fueling the advertising and marketing systems has become so sophisticated that the data is of then the same kind used by marketers and government surveillance and intelligence operations.

This means also that our health-related activity can be tracked across our devices – mobile phone, smart watch, laptop, Alexa, Smart TV, etc), and then this trace data is then sold to collate and create detailed personal profiles for selling ads and services back to us. This data profiling can be broad, describing our behavior and consumption patterns, linked with our health information seeking, lifestyle, exercise, nutrition, mental health.

So imagine that there’s a personal health and social profile about you that is built from things like:

This data profile about you can be sold to

  • scammers who target users with ads for non-evidence-based remedies and services
  • businesses selling your services and products, like medications for user’s specific health conditions
  • organizations politicizing health, targeting you users with health misinformation
  • even businesses like health insurance that analyze people’s risk profile when they apply for a new insurance policy or claim

In health, we are working to deliver health services equally to all, especially those at risk and vulnerable to health harms. This often interacts with social, economic, commercial, and information inequities. The above user profiling isn’t problematic only because it enables targeted advertising in health.

It also opens the door to using data derived from digital trace data on health topics that may be politically controversial, like seeking abortion services or substance abuse management. Such what the case of data privacy settlement in the US that followed a 2019 Wall Street Journal investigation that found a popular period tracking app informed Facebook marketing tools when a user was having their period or if they informed the app that they intended to get pregnant. These practices are so pervasive they are now found in patient portals of medical practices in the US, which makes it very hard for patients to manage and protect their privacy.

Such business activities that play out in the information environment can create information asymmetries that are not easily detected and addressed by a health authority and its services and health programs. In countries where direct-to-consumer marketing of pharmaceuticals and services is permitted, these asymmetries can distort provision of evidence-based care.

This is a challenge that requires new expertise and policy considerations that the health sector must be more active in discussing and solving, especially through mid and long term strategies.

Health data and health information and expectation of data privacy

We expect privacy and confidentiality in relation to personally identifiable health information and health data. But not all data that is collected for advertising falls within the category of personally identifiable health information. Regulations on data privacy, technology, and consumer protection/marketing therefore need harmonization.

Unfortunately, some of the health data I mentioned above are also a consequence of errors and misuse of tracking tools. Google Web Trackers or Pixel by Meta are tracking tools that administrators of websites, mobile apps, and other platforms use in business marketing analytics tools by Google and Meta to analyze user activity, campaign success, and audience behavior.

Google and Meta have responded to scandals of trace data flowing to their systems from health-related websites, platforms, and apps by pointing out it is the responsibility of the business customers that collect and target their users through these tools.

But since there are almost no limits in place for what kinds of data companies can use to target their advertising, this incentivizes them to collect as much as they possibly can.

Updating data privacy regulations and the changing perception of online privacy

Just like in social media and internet platform regulation topics, the regulation of targeted advertising may protect some users from a particular geographic area, but those who live in countries where regulatory protections are weak or not nonexistent experience the internet and it’s health information challenges very differently.

An example of a comprehensive take on consumer protections, including data privacy, is the data services and technology-related regulations by the European Union. Under the European Digital Services Act, online platforms are not permitted to display ads based on profiling in a special data category (like health). The platforms have responded by giving users a choice to pay a subscription fee for an ad-free service, but the jury is still out whether this is a solution sufficiently protecting the privacy of consumers in the European Union.

As for the health authorities, more needs to be done to fully understand the complexity and impacts of trace data use on people’s health information seeking, health service and product consumption and health behaviors.

What could be done?

  • Incorporate data privacy skills into digital, media and information literacy education programs across the life course.
  • Consider information environment from information, structural and policy perspectives when planning topic-specific or overarching health policy and strategies.
  • Introduce recommendations, tools and systems that detect tracking of health data in digital services, web sites, patient portals, and apps. Incorporate audit of user tracking technology in cybersecurity, web audit protocols, telehealth service licensing reviews.
  • Work with data privacy regulators and data protection authority to introduce data privacy and protection, with clearly defined focus on health data and profiling of users based on health behaviors, activity and information seeking.
  • Work with consumer protection regulator to address targeted advertising on health topics, especially for vulnerable groups of consumers (like children).
  • Work with the tech regulators to make sufficient linkage to data privacy regulation. With the accelerated adoption of AI in our economies and societies, data privacy and consumer protections will be even more important. AI systems can’t be built or used without data, and the rules on data access and use can impact tech development and use.

…and use a VPN when using the internet.

Although this is a systemic issue because tech platforms operate cross-border, different approaches to regulation could create a patchwork of user protections and experiences online. How the information environment or related regulations may impact people’s health information seeking and use will depend on where they live. We therefore need more international data privacy standards and enforcement, especially in relation to health data and information.

Post scriptum rabbit hole on ad tech

PS: if you are interested in going down the rabbit hole of researching the advertising technology and its relation to misinformation, disinformation and the information environment at large, I recommend you read: