Facebook’s Health Data Sharing Practices Investigated by New York State Departments

Sensitive health data is collected by Facebook from third party apps, even if the user has not logged in via Facebook or doesn’t even own a Facebook account according to a recent analysis of Facebook’s data collection practices.

Private information such as heart rate data, blood pressure measurements, menstrual cycle data, and other health metrics are handed over to Facebook, often without the user’s knowing or any specific disclosure that data provided by users or collected directly by apps are shared with the social media platform.

The Wall Street Journal recently conducted an investigation which tested various health-related apps. Although it was known that some of those apps send data to Facebook about when they are used, just how much data sharing that was occurring was not well understood. It was revealed by the report that 11 popular smartphone apps have been handing over sensitive data to Facebook without any apparent consent obtained from users.

On one particular app, Flo Period & Ovulation Tracker, dates of a user’s last period are shared with Facebook and the predicted date when the user is ovulating. Similarly, the Instant Heart Rate: HR Monitor App in the Apple iOS store was discovered to send users’ heart rate information to Facebook right after it is recorded. Neither of these apps or any others that were found to be sharing sensitive data with Facebook appeared to offer users a way of opting out of having their data shared.

The WSJ report notes that while the data sent by these apps may be anonymous, Facebook have a method of matching the information with a particular Facebook user and use the data to target specific ads.

The WSJ made contact with Facebook in relation to the report and received a reply confirming that some of the apps cited in the report appeared to be violating its business terms and that the social media platform does not authorize app developers to share “health, financial information or other categories of sensitive information,” and that the responsibility lies with the app developers to be clear to their users about the information that is being shared. A Facebook spokesperson also spoke to Reuters, saying “we also take steps to detect and remove data that should not be shared with us.”

Investigation of Facebook Instructed by New York Governor

New York State Governor Andrew M. Cuomo issued a press release on Friday, February 22, 2019, stating that he has instructed the Department of Financial Services and the Department of State to investigate how Facebook is acquiring health data and other sensitive information from developers of smartphone apps and the alleged breaches of Facebook’s own business terms and privacy violations.

Cuomo also said that if WSJ’s findings are correct, it amounts to “an outrageous abuse of privacy.”

Cuomo is determined to ensure companies are held responsible for upholding the law and ensuring the sensitive data of smartphone users is kept private and confidential. Personal data should not be shared with other companies without the clear consent of users.