Patients, health data experts accuse Facebook of exposing personal info

A group of patients and health data experts is accusing Facebook of misleading users about how their personal health information can be manipulated and exposed without patients' explicit permission.

In a Federal Trade Commission (FTC) complaint released publicly on Tuesday, the group alleges that Facebook prompts its users to join online medical support groups under the guise that they are "private" – but does not make clear that users could expose their health data when they join those groups.


"I think the highest-level deception is that they call [these medical support groups] safe," Fred Trotter, a security researcher and one of the complainants, told The Hill. He pointed out that Facebook executives, including Facebook CEO Mark ZuckerbergMark Elliot ZuckerbergOvernight Health Care: Juul's lobbying efforts fall short as Trump moves to ban flavored e-cigarettes | Facebook removes fact check from anti-abortion video after criticism | Poll: Most Democrats want presidential candidate who would build on ObamaCare Hillicon Valley: Google to promote original reporting | Senators demand answers from Amazon on worker treatment | Lawmakers weigh response to ransomware attacks Facebook removes fact check from anti-abortion video after criticism MORE, have touted the medical support groups as an opportunity for patients to support one another, while failing to disclose that the group members' data could be mined for ad targeting and harassment.

House Energy and Commerce Chairman Frank Pallone Jr.Frank Joseph PalloneHotel industry mounts attack on Airbnb with House bill Push on 'surprise' medical bills hits new roadblocks Overnight Health Care: Insurance lobby chief calls Biden, Sanders health plans 'similarly bad' | Trump officials appeal drug price disclosure ruling | Study finds 1 in 7 people ration diabetes medicine due to cost MORE (D-N.J.) and Rep. Jan SchakowskyJanice (Jan) Danoff SchakowskyLawmakers jump-start talks on privacy bill The Hill's Morning Report — Mueller testimony gives Trump a boost as Dems ponder next steps On The Money: House to vote on budget deal Thursday | US, China resuming trade talks next week | Mnuchin backs DOJ tech antitrust probe MORE (D-Ill.), who chairs the commerce subcommittee, in response to the FTC complaint requested a staff briefing from Facebook.

Pallone and Schawkosky in a letter to Zuckerberg wrote that the social network "potentially misled Facebook users" into sharing personal health information, raising "concerns about Facebook's privacy policies and practices."

A Facebook spokesperson in a statement to The Hill said the company looks forward to “briefing the committee about how these products work.”

“It's intentionally clear to people that when they join any group on Facebook, other members of that group can see that they are a part of that community, and can see the posts they choose to share with that community,” the spokesperson said.

The lawmakers' request for a briefing comes as lawmakers gear up to put together a federal privacy bill, an endeavor that has garnered interest on both sides of the aisle. 

The FTC complaint claims Facebook is not transparent about how users are targeted to join certain medical support groups and how their health data could be accessed once they join those groups. 

For example, if Facebook's algorithms suspect that a user is pregnant, the platform may prompt that user to join a pregnancy support group. Though many of those groups are advertised by their administrators as "private," "anonymous" or "confidential," the data shared in those groups can be shared with third parties. 

In order to illustrate their point, the health experts in April 2018 used an outside app to download the names of all 10,000 users who were part of a group for people who had tested positive for the BRCA gene that causes an increased risk for breast cancer. 

The experts claim that those membership lists could be used by any number of outside groups, including advertisers or more nefarious groups.   

Facebook now restricts member list visibility, barring nonmembers from seeing who is in certain groups. But evidence shows there are instances in which third parties set up fake accounts to join those groups in order to scrape data from its members, Trotter told The Hill.  

"We did see ... an influx of user accounts applying to the membership of health care closed groups that looked fake," Trotter said.  

There have been multiple instances in which members of certain Facebook medical support groups have been targeted with disinformation or even harassment based on their medical condition.

Some anti-vaccination activists have targeted pregnant women on Facebook with messages about the effects of vaccinating their children, and third parties offered mental health treatments to addiction support group members.

"Sharing of privately posted personal health information violates the law, but this serious problem with Facebook’s privacy implementation also presents an ongoing risk of death or serious injury to Facebook users," the FTC complaint reads. "Facebook has ignored our requests to fix the specific issues we have identified to the company, and denies publicly that any problem exists." 

"All of this represents unfair, deceptive and misleading interactions between Facebook and its users in violation of the FTC Act," it adds.

The complaint emerges as the FTC is reportedly considering a major fine against Facebook for its handling of user privacy.

Updated at 5:56 p.m.