Terms of Service (TOS) Under Scrutiny - Part VIII - Medical Surveillance Growing in the Amazon

posted by Roy Schestowitz on Aug 31, 2024

IN the last part (Terms of Service (TOS) Under Scrutiny - Part VII - Pharmacies in the Age of "Online" and "App" and "Gimme Dat!") we started discussing pharmacies and medication/s. Most people don't buy medication/s, even "over-the-shelf" items, by literally taking them off the shelf and paying cash. This means that shops and clinics have more or less the same data and sometimes shops have more data than one's medical records. That's a problem.

There are some issues to consider when adopting GAFAM (or similar, there are typically "local" equivalents in each large nation). Let's talk about this. We'll be doing the same in the next 2 parts and more examples will be given next month with view on TOS loopholes.

Curiously enough, or perhaps by sheer coincidence, this story was shared by someone in IRC yesterday. It culls some of the surveillance of Vox and relays:

As far as I know, Amazon can. HIPAA, the federal law that protects health privacy, is narrower than most people think. It only applies to health care providers, insurers, and companies that manage medical records. HIPAA requires those entities to protect your data as it moves between them, but it wouldn’t apply to your Amazon purchases, according to Suzanne Bernstein, a legal fellow at the Electronic Privacy Information Center (EPIC).

“That background is especially important, as Amazon and other companies continue to collect, process, and use tremendous amounts of consumer health data that falls outside of HIPAA scope,” Bernstein said. “And it’s not the fault of American consumers for not necessarily knowing all that.”

In the absence of any federal protections, some states have passed their own data privacy laws. While California is perhaps most famous for giving its citizens more control over their data, Washington state changed the conversation around health data privacy when it enacted its My Health My Data Act last year. This law defines consumer health data much more broadly, Bernstein explained, so that any information about a consumer’s past, present, or future health conditions is covered. That might mean that Washington residents have the right to some privacy when their Amazon purchases indicate a health condition. It’s so far unclear how the law might apply to Amazon, which is based in Washington.

The original is full of trackers and looks like this:

The issue of US pharmacies in the "digital" age was discussed yesterday in IRC. Some Americans bring up spying fridges - apparently the subject of growing scorn, even in the US media. We'll be talking about that in the next two parts as well. That happens in pharmacies and equivalents. This should not be happening.

A recent presentation by a reader of ours covered the following issue:

Rite Aid banned from using face rec until January 2029

Effective 01/2024

Why? Rite aid implemented and deployed this face rec system with no reasonable safeguards.

"The Federal Trade Commission has reached a settlement with Rite Aid, banning the pharmacy chain from using facial recognition technology for the next five years, following charges that the company misused the biometric tech in hundreds of its stores."

From 2012-2020, Rite Aid used face recognition to identify shoplifting and other "problematic behavior". The system identified some visitors as shoplifters and subsequent following customers in the store, searching customers, calling police and accusing was deemp to be due to false identification "disproportionately impacted people of color".

Rite Aid received a 5 year sentence – started Jan 2024.

We'll have more in the next part, some time tomorrow or on Monday. █