Off Topic: Facebook 'failed to protect’ health ... - Thyroid UK

Thyroid UK

141,246 members166,490 posts

Off Topic: Facebook 'failed to protect’ health data in private groups

helvella profile image
helvellaAdministrator
9 Replies

Somewhat off-topic but potentially of considerable relevance.

One of the huge advantages of HU is that to a large extent it is possible to separate your existence here from your real name, real life and any other existence on "social media". At least, if you are reasonably careful not to post under your real name (or a name you use elsewhere) and avoid posting information the helps identify you.

I doubt many of us can separate ourselves as members of a facebook health forum from our other selves as general "social" members. (Seems likely to me that facebook might have a very good idea you are the same person even of you use two separate facebook identities.)

Facebook 'failed to protect’ health data in private groups

The way Facebook interacts with users is "unfair, deceptive and misleading", according to a complaint lodged with US regulators.

The Federal Trade Commission was told the company had failed to protect the privacy of those in patient health and other groups.

Some users may have been exposed to "life-threatening privacy violations", the complaint says.

Facebook told BBC News it was "not an anonymous platform".

The privacy of Facebook groups was brought into question last year when members of a restricted-access Facebook group for women with the Brca gene mutation discovered that their details could be downloaded by third parties.

'Privacy roulette'

While Facebook has made changes to close security loopholes, the complaint says that, under US law, the social media giant should have notified users of the downloading of their data.

"Facebook did not notify affected users within the required 60 days and we believe that Facebook has not notified the FTC of the breach within the required 10 business days," it says.

Using Facebook patient health groups is "effectively a game of privacy roulette in which users are unable to know in advance which 'connections' will hurt them by downloading the data from posts in closed and secret groups", it says.

The complaint also raises concerns about malicious users creating groups that target a vulnerable population before "being leveraged to expose Facebook users to life-threatening privacy violations".

bbc.co.uk/news/technology-4...

Written by
helvella profile image
helvella
Administrator
To view profiles and participate in discussions please or .
9 Replies
annnsandell profile image
annnsandell

Privacy on all social media platforms leaves a lot to be desired and various actions are coming forward to deal with particularly data protection issues however, if you don't post anything that is private that you do not wish someone else to see or subtract or indeed don't take part, there cannot be a problem.

When it comes to private groups they are usually open to requests and therefore anyone can infiltrate.

And of course, breaches in data protection are not just in social media platforms, the world is full of it.

So people just need to think first.

SilverAvocado profile image
SilverAvocado

I've found on Facebook quite a few thyroid health groups aren't even closed or private groups. Which means anything at all you say will be broadcasted to everyone you know, just as much as holiday pictures or whatever.

I also find Facebook much more inconvenient in general since I've been ill, and barely use it. I have started trying to follow the excellent Simply CBD Facebook group, and it's a nightmare trying to jump into it without being distracted by goodness knows what :p

There is no privacy on the internet from people who really want to know, but you can make things better by keeping an email address solely for a Facebook account and not using it for anything else, and not using your real name. Also not using that FB account to message friends and family, just for groups. No FB friends - no one to send your data to.

helvella profile image
helvellaAdministrator in reply toAngel_of_the_North

My approach has been to avoid facebook as completely as I can.

Angel_of_the_North profile image
Angel_of_the_North in reply tohelvella

I only joined it recently after Linked In groups became so poor that many very useful ones moved to FB.

zyz987 profile image
zyz987

I once mentioned my thyroid problems in PRIVATE message on facebook. Imagine my outrage when next day facebook itself started advertising me thyroid stuff!? I am glad I did not speak about ... I don't know, AIDS, venerology or something that people prefer to hide. Because when it shows on fb ads people around you can easily see it on your screen when you don't want it.

If they use it I won't be surprised if they sell it to 3rd party...

wellness1 profile image
wellness1

If you enter sensitive information on apps, Facebook may get hold of it.

wsj.com/articles/you-give-a...

Framboise profile image
Framboise

Don't you think the same danger could exist here helvella? HU know all our details, and even used to put our postcodes in our profiles and encourage us to see who lived near us (I don't think they do that any more but I opted out anyway). Their aim is to liaise with healthcare providers and pharmaceutical companies, share information from our experiences and choose participants for surveys and trials etc., and so how do any of us know how secure our identities are even here? Their video talks about using AI to gather the information they want, but that can go wrong too.

I've found Facebook invaluable at times, but I keep my account locked and never post anything there, or anywhere, that I wouldn't be happy with a friend, colleague or acquaintance reading. Likewise with LinkedIn where the basic account details can even be accessed by non-members (as can our posts here unless locked for the community only). Wherever we go on the internet we take a leap of faith in some way, I think we just have to be as careful as we can be.

helvella profile image
helvellaAdministrator in reply toFramboise

I agree there is danger here.

However, with sense, it is minimised.

By "sense", I mean:

Use a member name that is unique to HU and doesn't include obvious features like real name or location;

Use an email address just for HU;

Don't supply postcode;

Don't post details which identify your name and location - whether as typed text or in graphics.

Of course, some people need location-related information such as hospital and consultant details. But even then, make it a broad area rather than a specific place.

And I do wish HU allowed us to identify our location to the precision we wish. For example, UK, or NI, W, S or E, or county/region, or city. (Or equivalent in other countries.) There are sufficient differences among the countries of the UK for that to be a positive benefit.

Not what you're looking for?

You may also like...

Facebook hack reveals the perils of using a single account to log in to other services - including your HealthUnlocked account

One of the admins on another forum posted as below and offered it for use on other forums. I...
helvella profile image
Administrator

GPs warn over plans to share patient data with third parties in England

I wasn't going to post this as it could be thought political - at one level or another - but the...
helvella profile image
Administrator

Please be careful what information is in links you post

We have seen several posts recently which have very long links in them. For many of them, most of...
helvella profile image
Administrator

NHS Wales app

Was wandering around looking for various bits of information, as you do, and happened to see the...
helvella profile image
Administrator

Hypothyroid Patient Experiences Survey

Thyroid UK has been working on an important new project over the past couple of months and we are...
lynmynott profile image
Partner