An analysis of the data collection practices of Facebook by the Wall Street Journal recently revealed Facebook was getting sensitive health data from third party applications, even if a user did not sign into his/her Facebook account or does not have a Facebook account.
Personal data such as blood pressure readings, heart rate information, menstrual cycle information, and other health-related metrics are given to Facebook by some apps without the user being made aware that their health metrics are being shared. There’s no specific disclosure that the information entered into apps by users will be shared with Facebook.
The Wall Street Journal tested some of the most popular health-related apps out of concerns that data may be shared with the social media platform without authorization. The WSJ report showed that 11 well-known smartphone applications were passing sensitive information to Facebook without first getting users’ consent.
The Flo Period & Ovulation Tracker app, for example, shares a user’s date of their last period with Facebook along with the expected date of ovulation. The Apple iOS store’s Instant Heart Rate: HR Monitor App was found to provide the heart rate data of users to Facebook the moment that information is recorded. Those and the other apps that were found to share data with Facebook offered users an option of opting out. The WSJ report remarks that although the apps send anonymous data, Facebook could still match the data with a specific Facebook user in order to serve them targeted adverts.
The WSJ contacted Facebook about the issue. A spokesperson for Facebook said some apps mentioned in the WSJ report did appear to be in violation of Facebook’s business terms. Facebook does not allow app developers to provide health, financial data or other types of sensitive data. App developers are responsible for ensuring that those types of data are not shared with Facebook and to notify app users what information will be shared. Facebook also said that when data is found that should not have been shared, it is routinely deleted.
In a February 22, 2019 press release, New York State Governor Andrew M. Cuomo stated that the Department of State and the Department of Financial Services have been instructed to investigate how developers of smartphone apps are able to share health data and other sensitive information with Facebook as well as the supposed privacy violations and breaches of the business terms of Facebook indicated by the WSJ report.
According to Cuomo, if the report of the WSJ is correct, companies will be held responsible for the abuse of privacy. He explained that the sensitive information of smartphone users must be kept private and secure and information should not be disclosed to other entities without the consent of users. Cuomo also suggested Federal regulators also need to need to investigate this matter and put a stop to illegal data sharing practices.