Off Topic: Facebook 'failed to protect’ health ... - Thyroid UK

Thyroid UK

141,246 members•166,490 posts

Off Topic: Facebook 'failed to protect’ health data in private groups

helvellaAdministrator•

6 years ago•9 Replies

Somewhat off-topic but potentially of considerable relevance.

One of the huge advantages of HU is that to a large extent it is possible to separate your existence here from your real name, real life and any other existence on "social media". At least, if you are reasonably careful not to post under your real name (or a name you use elsewhere) and avoid posting information the helps identify you.

I doubt many of us can separate ourselves as members of a facebook health forum from our other selves as general "social" members. (Seems likely to me that facebook might have a very good idea you are the same person even of you use two separate facebook identities.)

Facebook 'failed to protect’ health data in private groups

The way Facebook interacts with users is "unfair, deceptive and misleading", according to a complaint lodged with US regulators.

The Federal Trade Commission was told the company had failed to protect the privacy of those in patient health and other groups.

Some users may have been exposed to "life-threatening privacy violations", the complaint says.

Facebook told BBC News it was "not an anonymous platform".

The privacy of Facebook groups was brought into question last year when members of a restricted-access Facebook group for women with the Brca gene mutation discovered that their details could be downloaded by third parties.

'Privacy roulette'

While Facebook has made changes to close security loopholes, the complaint says that, under US law, the social media giant should have notified users of the downloading of their data.

"Facebook did not notify affected users within the required 60 days and we believe that Facebook has not notified the FTC of the breach within the required 10 business days," it says.

Using Facebook patient health groups is "effectively a game of privacy roulette in which users are unable to know in advance which 'connections' will hurt them by downloading the data from posts in closed and secret groups", it says.

The complaint also raises concerns about malicious users creating groups that target a vulnerable population before "being leveraged to expose Facebook users to life-threatening privacy violations".

bbc.co.uk/news/technology-4...

Written by

helvella

Administrator

To view profiles and participate in discussions please or .

9 Replies

•

annnsandell6 years ago

Privacy on all social media platforms leaves a lot to be desired and various actions are coming forward to deal with particularly data protection issues however, if you don't post anything that is private that you do not wish someone else to see or subtract or indeed don't take part, there cannot be a problem.

When it comes to private groups they are usually open to requests and therefore anyone can infiltrate.

And of course, breaches in data protection are not just in social media platforms, the world is full of it.

So people just need to think first.

SilverAvocado6 years ago

I've found on Facebook quite a few thyroid health groups aren't even closed or private groups. Which means anything at all you say will be broadcasted to everyone you know, just as much as holiday pictures or whatever.

I also find Facebook much more inconvenient in general since I've been ill, and barely use it. I have started trying to follow the excellent Simply CBD Facebook group, and it's a nightmare trying to jump into it without being distracted by goodness knows what

Angel_of_the_North6 years ago

There is no privacy on the internet from people who really want to know, but you can make things better by keeping an email address solely for a Facebook account and not using it for anything else, and not using your real name. Also not using that FB account to message friends and family, just for groups. No FB friends - no one to send your data to.

helvellaAdministrator• in reply toAngel_of_the_North6 years ago

My approach has been to avoid facebook as completely as I can.

Angel_of_the_North• in reply tohelvella6 years ago

I only joined it recently after Linked In groups became so poor that many very useful ones moved to FB.

zyz9876 years ago

I once mentioned my thyroid problems in PRIVATE message on facebook. Imagine my outrage when next day facebook itself started advertising me thyroid stuff!? I am glad I did not speak about ... I don't know, AIDS, venerology or something that people prefer to hide. Because when it shows on fb ads people around you can easily see it on your screen when you don't want it.

If they use it I won't be surprised if they sell it to 3rd party...

wellness16 years ago

If you enter sensitive information on apps, Facebook may get hold of it.

wsj.com/articles/you-give-a...

Framboise6 years ago

Don't you think the same danger could exist here helvella? HU know all our details, and even used to put our postcodes in our profiles and encourage us to see who lived near us (I don't think they do that any more but I opted out anyway). Their aim is to liaise with healthcare providers and pharmaceutical companies, share information from our experiences and choose participants for surveys and trials etc., and so how do any of us know how secure our identities are even here? Their video talks about using AI to gather the information they want, but that can go wrong too.

I've found Facebook invaluable at times, but I keep my account locked and never post anything there, or anywhere, that I wouldn't be happy with a friend, colleague or acquaintance reading. Likewise with LinkedIn where the basic account details can even be accessed by non-members (as can our posts here unless locked for the community only). Wherever we go on the internet we take a leap of faith in some way, I think we just have to be as careful as we can be.

helvellaAdministrator• in reply toFramboise6 years ago

I agree there is danger here.

However, with sense, it is minimised.

By "sense", I mean:

Use a member name that is unique to HU and doesn't include obvious features like real name or location;

Use an email address just for HU;

Don't supply postcode;

Don't post details which identify your name and location - whether as typed text or in graphics.

Of course, some people need location-related information such as hospital and consultant details. But even then, make it a broad area rather than a specific place.

And I do wish HU allowed us to identify our location to the precision we wish. For example, UK, or NI, W, S or E, or county/region, or city. (Or equivalent in other countries.) There are sufficient differences among the countries of the UK for that to be a positive benefit.