Opinion | The Gold Rush for Private Health Data

Opinion | The Gold Rush for Private Health Data

“Claim Your 31st Right,” declares the #My31 app’s splash screen. “Review, share, and confirm your HUMAN right to your data as your property.”

(The United Nations Declaration of Human Rights currently has 30, so a right to data would presumably come next.)

That’s why #My31 doesn’t bill itself as a business so much as a cause. “Join the movement by staking a claim to data you’ve produced, declaring it your personal property,” proclaims the App Store description. Sign up, the app says, and “get a title of ownership for your personal data.”

The idea is that once you own your data, you can sell it. Many companies seem convinced that this is the future. PatientSphere, a platform for health care information, purports to offer patients “the ability to not only share” data on their own terms, “but also get paid for it.” PatientTruth similarly bills itself as a health record system and a way for patients to “own” and “monetize” their health data. SUPA, which markets smart exercise bras to Gen Z, offers money in exchange for data. “SUPA is tokenizing the body,” the company website declares.

All of these apps, platforms and services use blockchain — a technology first used by bitcoin, a type of digital money — to store health information. Because the term “blockchain” has become so nebulous, it’s difficult to pin down the actual upsides to storing health data this way. In most situations, blockchain is not any more secure, reliable or usable than its alternatives. But it does have one distinct advantage: A data-sharing platform can double as both database and cryptocurrency. Behold, the data pays for itself.

There’s just one small wrinkle. There’s no legal property right to personal data.

Once personal data is gathered, it’s out there for anyone to buy and sell. At the moment, there are no legal grounds to demand compensation for use. What these new companies are trying do is to create a new type of data brokerage system that replaces the current system of data brokerage. According to Richie Etwaru, the chief executive officer of Hu-manity.co, the company behind the #My31 app, de-identified health information is already being sold to pharmaceutical companies behind the scenes. This data is being gathered from service providers — like health records software companies — that work with doctors and hospitals. It’s then aggregated and sold for both research and marketing. What Hu-manity.co and its competitors want to do is make sure the patients get paid for those sales — and these new middlemen will take a small percentage, of course.

But such a major change in the way the information economy operates requires changing the law. That’s what these companies are trying to do — quietly, at the state level.

[If you’re online — and, well, you are — chances are someone is using your information. We’ll tell you what you can do about it. Sign up for our limited-run newsletter.]

Legally vesting ownership in data isn’t a new idea. It’s often been kicked around as a way to strengthen privacy. But the entire analogy of owning data, like owning a house or a car, falls apart with a little scrutiny.

A property right is alienable — once you sell your house, it’s gone. But the most fundamental human rights are inalienable, often because the rights become meaningless once they are alienable. What’s the point of life and liberty if you can sell them?

Other forms of property rights are restricted by law because society has recognized the potential of exploitation. For example, it’s illegal to sell your organs in the United States.

Data doesn’t feel as personal as a kidney. But the potential for economic exploitation is just as rife. Data ownership could lead privacy to become more of a luxury good than it already is.

Besides that, personal data can never solely belong to a single person. Your location data can give away the whereabouts of your spouse. Your health records give away information about your biological children. If you sell your genetic privacy, are your parents entitled to a percentage?

In any case, we already know what happens when property rights get slapped on information, because we’ve already done it, to some degree, in copyright law.

Still, the idea of data as property is gaining momentum. In February, California’s governor, Gavin Newsom, called for a “data dividend” to be paid to Californians for the use of their personal information. Senator John Kennedy introduced a bill this term called the “Own Your Data Act.” Senators Mark Warner and Josh Hawley have introduced a bill requiring large tech companies to publicly put a price on their users’ data.

And in Oregon, Hu-manity.co wrote and pushed for a bill granting property rights in health information. The law, as first written, specifically granted an individual the right to de-identify information protected by the Health Insurance Portability and Accountability Act, known as H.I.P.P.A., in exchange for financial remuneration.

The bill was wildly popular when it was introduced and was backed by 35 sponsors — more than one-third of the Oregon State Legislature.

But the American Civil Liberties Union called the bill a Trojan horse. The Electronic Frontier Foundation said it would “incentivize people to give up their fundamental right to privacy and exacerbate inequality by specifically encouraging vulnerable lower-income people to pour more personal information into an industry that exploits and discriminates against them.”

“We’re not a data broker, we’re a consent ally,” Mr. Etwaru said. Since data was already being bought and sold, Hu-manity.co was merely allowing patients to have more control of the process. He did not explain exactly how people would end up being compensated. (The app gives users credits called “hu.”)

In the end, the bill went nowhere.

That’s for the best. But it won’t be the end of the myth of data ownership, or the wave of start-ups looking to capitalize on it.

Source link