Patients, health data experts accuse Facebook of exposing personal info

A group of patients and health data experts is accusing Facebook of misleading users about how their personal health information can be manipulated and exposed without patients' explicit permission.

In a Federal Trade Commission (FTC) complaint released publicly on Tuesday, the group alleges that Facebook prompts its users to join online medical support groups under the guise that they are "private" – but does not make clear that users could expose their health data when they join those groups.

ADVERTISEMENT

"I think the highest-level deception is that they call [these medical support groups] safe," Fred Trotter, a security researcher and one of the complainants, told The Hill. He pointed out that Facebook executives, including Facebook CEO Mark ZuckerbergMark Elliot ZuckerbergHillicon Valley: Facebook won't remove doctored Pelosi video | Trump denies knowledge of fake Pelosi videos | Controversy over new Assange charges | House Democrats seek bipartisan group on net neutrality On The Money: Conservative blocks disaster relief bill | Trade high on agenda as Trump heads to Japan | Boeing reportedly faces SEC probe over 737 Max | Study finds CEO pay rising twice as fast as worker pay Zuckerberg met with Winklevoss twins about Facebook developing cryptocurrency: report MORE, have touted the medical support groups as an opportunity for patients to support one another, while failing to disclose that the group members' data could be mined for ad targeting and harassment.

House Energy and Commerce Chairman Frank Pallone Jr.Frank Joseph PalloneOvernight Health Care — Presented by PCMA — Senators unveil sweeping bipartisan health care package | House lawmakers float Medicare pricing reforms | Dems offer bill to guarantee abortion access Hillicon Valley: Assange hit with 17 more charges | Facebook removes record 2.2B fake profiles | Senate passes anti-robocall bill | Senators offer bill to help companies remove Huawei equipment Overnight Energy: Democrats ask if EPA chief misled on vehicle emissions | Dem senators want NBC debate focused on climate change | 2020 hopeful John Delaney unveils T climate plan MORE (D-N.J.) and Rep. Jan SchakowskyJanice (Jan) Danoff SchakowskyHouse Dem cites transgender grandson in voting for Equality Act Dems plan 12-hour marathon Mueller report reading at Capitol US should be producing the HIV prevention drug its research helped create MORE (D-Ill.), who chairs the commerce subcommittee, in response to the FTC complaint requested a staff briefing from Facebook.

Pallone and Schawkosky in a letter to Zuckerberg wrote that the social network "potentially misled Facebook users" into sharing personal health information, raising "concerns about Facebook's privacy policies and practices."

A Facebook spokesperson in a statement to The Hill said the company looks forward to “briefing the committee about how these products work.”

“It's intentionally clear to people that when they join any group on Facebook, other members of that group can see that they are a part of that community, and can see the posts they choose to share with that community,” the spokesperson said.

The lawmakers' request for a briefing comes as lawmakers gear up to put together a federal privacy bill, an endeavor that has garnered interest on both sides of the aisle. 

The FTC complaint claims Facebook is not transparent about how users are targeted to join certain medical support groups and how their health data could be accessed once they join those groups. 

For example, if Facebook's algorithms suspect that a user is pregnant, the platform may prompt that user to join a pregnancy support group. Though many of those groups are advertised by their administrators as "private," "anonymous" or "confidential," the data shared in those groups can be shared with third parties. 

In order to illustrate their point, the health experts in April 2018 used an outside app to download the names of all 10,000 users who were part of a group for people who had tested positive for the BRCA gene that causes an increased risk for breast cancer. 

The experts claim that those membership lists could be used by any number of outside groups, including advertisers or more nefarious groups.   

Facebook now restricts member list visibility, barring nonmembers from seeing who is in certain groups. But evidence shows there are instances in which third parties set up fake accounts to join those groups in order to scrape data from its members, Trotter told The Hill.  

"We did see ... an influx of user accounts applying to the membership of health care closed groups that looked fake," Trotter said.  

There have been multiple instances in which members of certain Facebook medical support groups have been targeted with disinformation or even harassment based on their medical condition.

Some anti-vaccination activists have targeted pregnant women on Facebook with messages about the effects of vaccinating their children, and third parties offered mental health treatments to addiction support group members.

"Sharing of privately posted personal health information violates the law, but this serious problem with Facebook’s privacy implementation also presents an ongoing risk of death or serious injury to Facebook users," the FTC complaint reads. "Facebook has ignored our requests to fix the specific issues we have identified to the company, and denies publicly that any problem exists." 

"All of this represents unfair, deceptive and misleading interactions between Facebook and its users in violation of the FTC Act," it adds.

The complaint emerges as the FTC is reportedly considering a major fine against Facebook for its handling of user privacy.

Updated at 5:56 p.m.