Protection of health data comes with catches when it comes at all
Health data is the innermost kukla in the nesting doll that is personal digital privacy, and try as some might, its protection is scarcely getting better.
Developments in the United States, the European Union and China are examples of half-measures, complexity on complexity and state security inadvertently aiding private data leaks, respectively.
An article in the tech-culture publication Wired looks at the proposed American Data Privacy and Protection Act, which has been described as the United States’ best hope at actually protecting biometric and other forms of privacy.
The bill at deadline takes a heavier hand with targeted advertising, a scourge to privacy advocates, which could be prevented from dealing in biometric data.
That would be welcome news for U.S. women who were fighting for control of personal health data before the Supreme Court struck down the right to abortion.
The think tank the Brookings Institution, in a lengthy article listing threats to data privacy, notes that a company that had made period-tracking apps was forced to settle in a Federal Trade Commission case in which the firm sold data to Facebook, Google and others.
And while legislation allows for some exceptions when it comes to pre-empting state laws and regulations (Illinois’ Biometric Information Privacy Act likely would be one) the draft would limit a private right of action, which could pull teeth from targeted-ad provisions.
In the EU, a pair of data protection offices in the government have problems with the proposed European Health Data Space. If approved by the European Commission, it would finalize a so-called European Health Union to the secure use and re-use of health data for the benefit of all EU citizens.
Andrea Jelinek, chair of the European Data Protection Board, has issued a statement pointing out that privacy rights in the Health Data Space proposal conflict with those created by the General Data Protection Regulation.
Taking a step back, Jelinek and Data Protection Supervisor Wojciech Wiewiórowski expressed optimism about consumers getting more control of their biometric data. But in this situation, it would come with another layer of regulation over health data processing.
Considering the messiness and sometimes lackadaisical efforts to protect health data in Europe and America can lead the most committed democrat to wish for a little autocracy.
But autocratic surveillance state China seems to have digitally surveilled itself into cybersecurity weakness. Because so much of it is centralized under government control, gouts of personal information can be collected and sold after just one successful attack.
A Wall Street Journal article has collected numerous examples of data breaches within its borders, one of which involved a block of 1 billion citizen files stolen from the Shanghai police. And they were all for sale.
The paper says it has witnessed tens of thousands of databases in China that are online with no security. More than 700 terabytes of data is exposed, a total unmatched by any other nation. The United States is a not-distant second place.
Noting Shanghai above is important because that city was a pioneer in harvesting a mind-boggling bank of data. It includes public health care, security and transportation. The Journal says all the information was integrated in an AI platform.