On March 30, 2021, Professor Jessica Roberts, the Leonard H. Childs Chair in Law, Professor of Medicine, and Director of the Health Law & Policy Institute at the University of Houston Law Center, presented the final lecture of the 2020-2021 Rothenberg Health Care Law & Policy Speaker Series. Roberts specializes in genetics and the law, health law, and disability law.
Professor Diane Hoffmann, Director of The Law & Health Care Program welcomed Professor Roberts, , who spoke about the “Uncertain Terms” in the privacy policies of health “apps.” Her talk was an outgrowth of her article of the same name forthcoming in the Notre Dame Law Review, co-authored with fellow University of Houston Law Center faculty Leah R. Fowler, Research Assistant Professor and Research Director, Health Law & Policy Institute, and Jim Hawkins, Alumnae College Professor in Law.
Professor Roberts began by sharing a Federal Trade Commission (FTC) complaint involving a “femtech” (female technology) company which had shared its customers’ highly sensitive data about, among other things, their pregnancy and menstruation symptoms, to third parties without the users’ informed consent. In a particularly egregious example, Professor Roberts noted that “Facebook received information that individual consumers were either having their periods or trying to get pregnant, allowing the social media platform to target its advertising to those users.” While this complaint was settled by the FTC in January of this year, (See In the Matter of Flo Health, Inc.) Roberts asserts that this was not an isolated incident, and that such privacy breaches should raise consumer concern and prompt legislative, regulatory, and judicial action.
Professor Roberts and her co-authors surveyed thirty femtech, mental health, and genetic app companies, reviewing their terms of service (ToS), privacy policies, and ability to make unilateral term changes. Sharing the findings of this study with the Speaker Series’ audience, Professor Roberts noted that the vast majority of apps surveyed permitted unilateral changes to their ToS, privacy policies, or both. She explained that “health laws and regulations, contract law, and consumer law all permit entities to make enforceable one-sided changes” and that this leaves users potentially vulnerable to undesirable sharing of their sensitive information. Summing up next steps, Professor Roberts shared proposed solutions including Federal data protection legislation, increased FTC oversight, and an enhanced common law duty of good faith.
During a lively question and answer session with an audience of over fifty scholars, law students, alumni, and health law practitioners, Professor Roberts addressed questions about privacy in advertising, technical hurdles to segregating and protecting private health data, and the applicability of HIPAA to such data. As a closing thought, Professor Roberts noted that although this particular study was presented in the context of health law, concerns about data and privacy for app users also arise in other contexts such as location software, dating profiles, and financial applications.
Professor Roberts’ webinar was a fascinating and timely conclusion to the 2020-2021 Rothenberg Health Care Law & Policy Speaker Series. The series, established with funding from the Karen Rothenberg and Jeffrey Seltzer Law & Health Care Program Endowment, focuses on contemporary issues in health care law and policy. You can find recordings of the first three speakers here.
Related: Professor Natalie Ram publishes article in Science on regulating use of genetic genealogy