As Duhigg demonstrated, crossing into a zone where privacy is expected is a recipe for trouble. Target should have anticipated that projecting the
reproductive status of a woman would be invasive. Yet privacy intrusions span the full range from highly offensive to inane. President Clinton was once
asked the question, "Is it boxers or briefs?" regarding his choices in underwear. Today, one might simply purchase such information.
One might expect that Target and other firms will argue that by choosing to engage in commerce with them, one waives any expectation of privacy regarding
either purchases or profiling. Yet such an argument infers that one must shop with cash while wearing a mask to preserve some semblance of privacy in
essential transactions. Certainly not a satisfactory answer.
Another premise presented is that by yielding privacy, consumers gain some advantage. Yet as I recall the creation of many customer membership or loyalty
card programs in the 1990s, the consumer benefits appear questionable. In shopping for groceries at Safeway for example, one day a customer could purchase
special promotional items. The next, one needed a "Safeway Club" card to make purchases at the sale price. As a mischievous graduate student I'd shop with
friends and we would purchase beer using one card, fresh fruits and vegetables on a second, and staples on another. Then contemplate what analysts would do
with that information. Yet such consumer evasion is hardly a practical strategy for maintaining privacy. Soon we may see facial recognition software used
to identify customers -- obviating the need for even carrying such a card. I wish I had confidence that wasn't the next logical step. But I think we know
better than that. This is certainly not the vision of an "empowered consumer."
Rapidly expanding and interconnected data thus raise the risk of adverse impacts arising from discrimination, posing the challenge of how to realize the
benefits of technology while minimizing harm -- and applications involving personal health data present some of the greatest hazards. While considerable
risk reduction can be achieved by simply securing health data in accordance with the ancient Hippocratic Oath, the creation of health data surrogates
threatens to undermine that.
At the same time, it is important to note that even in the absence of the use of surrogate measures, the Recovery Act left significant gaps in the
protection of health data. The Act did not address many internet health applications, nor is there even sufficient consumer warning regarding the risks
associated with divulging health data in social networking. Individuals must recognize that what one shares regarding health on line is often not
Despite the hazards posed by both actual and surrogate health data, an examination of what has been said about not only health IT, but information sharing
more generally, yields an overwhelmingly positive view. An on-line inquiry will generate results dominated by tech luminaries who lead firms that have
created such products as search engines, social networks, and marketing and communications applications -- but relatively few from legal or ethical
authorities. It is significant that those search results ranked highest reflect glowing depictions of a world with an unimpeded flow of data -- yet these
typically emanate from those who profit by the sale of personal data, including many uses that may not be in an individual's best interest. Ironically,
many such luminaries are themselves not so trusting in terms of sharing their own information. This brings to mind the answer of Mark Zuckerberg of
Facebook, to the question of why users would entrust their private data to him. His reply characterized his view of those who would do so: "Dumb f***s."
That underscores the problem. As many seek to mine the health data of Americans, either directly or via surrogate measures -- it has become the Wild West
out there. And millions are just beginning to recognize that they are not the customers in such endeavors, but the product. Should we fail to better
address the use of medical information and its surrogates, millions may find themselves not only product, but victim as well.
It may be time for the second civil rights bill of the 21st century.