Friday, April 13, 2018

Grindr Fuels HIV Stigma & Fails the Most Basic Privacy Test

Guest Blog By: Marcus J. Hopkins, Blogger

Just last month, in March 2018, Grindr’s Director for Equality, Jack Harrison-Quintana, announced that the app would roll out a new feature: men who opted in would receive a reminder every three to six months to get tested for HIV, as well as receive the location information of the nearest testing site (McNeil, 2018).  “…few men will download health-oriented apps that make them feel shamed for missing a test,” Harrison-Quintana claimed. For the uninitiated, Grindr is a gay male hookup app that allows users to connect with others via their mobile devices. Users have the ability to include as much or as little personal information as they wish when creating and editing their profiles, including their HIV status and “last tested date.”

What he failed to mention, however, was that users’ HIV status with not one, but two other outside companies.

Grindr Privacy Statement
Photo Source: BusinesInsider.com

The two companies – Apptimize and Localytics – have been receiving some of the information that Grindr users choose to include in their profiles, including their HIV status and “last tested date” (Ghorayshi & Ray, 2018). BuzzFeed, who broke the story on April 02, 2018, independently verified a data analysis conducted by an outside research firm, SINTEF, who was commissioned to produce the report by Swedish public broadcaster, SVT, which first published the findings (Ghorayyshi & Ray).

This is just the latest HIV status-related debacle in recent years. In August 2017, the Community Access National Network’s HEAL Blog wrote about the inadvertent exposure of clients’ HIV status by insurance giants, Aetna and CVS/Caremark (Hopkins, 2017). Aetna, in January 2018, agreed to pay $17 million for their data breach that exposed that as many as 12,000 clients were taking HIV medications (Gordon, 2018). A Federal lawsuit was recently filed over CVS/Caremark’s release of protected client information when the company created a program identification number for each client with the letters ‘HIV’ in the number (Snell, 2018).

These kinds of breaches of privacy and public confidence should be easily avoidable. In 2018, it is so rare for other Western countries to inadvertently expose others’ HIV status, that it almost never occurs. When we hear of these stories, they frequently involve companies based in the United States, in no small part because of how lax are the repercussions for this kind of exposure. On the part of Aetna, sheer laziness led to the exposure of clients; with CVS, stupidity seems to be the cause. With Grindr, however, there are more pernicious factors at play, and honestly, there are likely to be few legal repercussions for the company in the U.S., because of our extremely lax privacy laws.

In 2017, the U.S. House of Representatives voted to repeal an Obama-era law that demanded ISPs obtain permission to share users’ personal information (Lee, 2017). While this law pertained only to ISPs and not other companies like Facebook or Google, the sentiment is clear: your personal information is up for grabs. Many European nations have incredibly strict privacy laws that require explicit informed consent before sharing any data with third parties; the U.S., however, favors a stupidly “free market,” where the sentiment is “Caveat Emptor” – “Let the buyer beware.”

Stop Stigma (with HIV/AIDS Red Ribbon)
Photo Source: Pinterest - AIDS/HIV HISTORY

This latest revelation that Grindr was sharing data likely isn’t illegal, in the same way that Facebook sharing data with Cambridge Analytica likely isn’t illegal. For people living with HIV, these kinds of data sharing arrangements help to create and perpetuate fears that their private information will be exposed to others without their direct knowledge. Our laws and system allow companies like Grindr and Facebook to post miles-long user agreements filled with legalese that is barely comprehensible to people with college education, much less those who just want to hop on an app and hook up with the nearest person they consider hot.

It’s time for a rethink in our country of how our personal information is protected, because right now, the deck is wholly stacked against us.

References:
  • Ghorayshi, A. & Ray, Sri. (2018, April 02). Grindr Is Letting Other Companies See User HIV Status And Location Data. New York, NY: BuzzFeed, Inc.: BuzzFeed News. Retrieved from: https://www.buzzfeed.com/azeenghorayshi/grindr-hiv-status-privacy?utm_term=.inno6bmJk#.kwOZAPrqR
  • Gordon, E. (2018, January 17). Aetna Agrees To Pay $17 Million In HIV Privacy Breach. Philadelphia, PA: National Public Radio: WHYY Philadelphia: Shots. Retrieved from: https://www.npr.org/sections/health-shots/2018/01/17/572312972/aetna-agrees-to-pay-17-million-in-hiv-privacy-breach
  • Hopkins, M.J. (2017, August 28). HIPAA: Healthcare mailers violate privacy rights of people living with HIV. Washington, DC: The Community Access National Network: HEAL Blog. Retrieved from: https://communityaccessnationalnetwork.wordpress.com/2017/08/28/1498/
  • Lee, D. (2017, March 29). Anger as US internet privacy law scrapped. Los Angeles, CA: BBC News: Technology. Retrieved from: http://www.bbc.com/news/technology-39427026
  • McNeil, D.G., Jr. (2018, March 26). Grindr App to Offer H.I.V. Test Reminders. New York, NY: The New York Times: Health: Global Health. Retrieved from: https://www.nytimes.com/2018/03/26/health/grindr-hiv-test-reminder.html
  • Snell, E. (2018, April 03). Federal Lawsuit Filed Following Alleged CVS Health Data Breach. Danvers, MA: Xtelligent Medica, LLC: HealthIT Security: News. Retrieved from: https://healthitsecurity.com/news/federal-lawsuit-filed-following-alleged-cvs-health-data-breach



Disclaimer: Guest blogs do not necessarily reflect the views of the ADAP Advocacy Association, but rather they provide a neutral platform whereby the author serves to promote open, honest discussion about public health-related issues and updates.

No comments: