A group of patients and health data experts is accusing Facebook of misleading users about how their personal health information can be manipulated and exposed without patients' explicit permission.
In a Federal Trade Commission (FTC) complaint released publicly on Tuesday, the group alleges that Facebook prompts its users to join online medical support groups under the guise that they are "private" – but does not make clear that users could expose their health data when they join those groups.
"I think the highest-level deception is that they call [these medical support groups] safe," Fred Trotter, a security researcher and one of the complainants, told The Hill. He pointed out that Facebook executives, including Facebook CEO Mark Zuckerberg, have touted the medical support groups as an opportunity for patients to support one another, while failing to disclose that the group members' data could be mined for ad targeting and harassment.
Pallone and Schawkosky in a letter to Zuckerberg wrote that the social network "potentially misled Facebook users" into sharing personal health information, raising "concerns about Facebook's privacy policies and practices."
A Facebook spokesperson in a statement to The Hill said the company looks forward to “briefing the committee about how these products work.”
“It's intentionally clear to people that when they join any group on Facebook, other members of that group can see that they are a part of that community, and can see the posts they choose to share with that community,” the spokesperson said.
The lawmakers' request for a briefing comes as lawmakers gear up to put together a federal privacy bill, an endeavor that has garnered interest on both sides of the aisle.
The FTC complaint claims Facebook is not transparent about how users are targeted to join certain medical support groups and how their health data could be accessed once they join those groups.
For example, if Facebook's algorithms suspect that a user is pregnant, the platform may prompt that user to join a pregnancy support group. Though many of those groups are advertised by their administrators as "private," "anonymous" or "confidential," the data shared in those groups can be shared with third parties.
In order to illustrate their point, the health experts in April 2018 used an outside app to download the names of all 10,000 users who were part of a group for people who had tested positive for the BRCA gene that causes an increased risk for breast cancer.
The experts claim that those membership lists could be used by any number of outside groups, including advertisers or more nefarious groups.
Facebook now restricts member list visibility, barring nonmembers from seeing who is in certain groups. But evidence shows there are instances in which third parties set up fake accounts to join those groups in order to scrape data from its members, Trotter told The Hill.
"We did see ... an influx of user accounts applying to the membership of health care closed groups that looked fake," Trotter said.
There have been multiple instances in which members of certain Facebook medical support groups have been targeted with disinformation or even harassment based on their medical condition.
Some anti-vaccination activists have targeted pregnant women on Facebook with messages about the effects of vaccinating their children, and third parties offered mental health treatments to addiction support group members.
"Sharing of privately posted personal health information violates the law, but this serious problem with Facebook’s privacy implementation also presents an ongoing risk of death or serious injury to Facebook users," the FTC complaint reads. "Facebook has ignored our requests to fix the specific issues we have identified to the company, and denies publicly that any problem exists."