Welcome to The Corner. In this issue, we explore how evolving digital advertising trends make it increasingly difficult for regulators to protect Americans’ health data.

New Digital Ad Models Limit Reach of FTC’s Recent Action on Health Data Privacy

Karina Montoya

The Federal Trade Commission (FTC) early in March fined the digital mental health platform Better Help $9 million for falsely telling users their health data wasn’t being used for targeted advertising. The company, which runs an app that matches users with mental health professionals, shared identifiable medical data with platforms like Facebook and Criteo, which then targeted users on social media and websites. Better Help made “millions of dollars” from such sales, the FTC said. The agency also banned Better Help from continuing this practice unless it obtained “affirmative express consent” from its users.

For many experts, the action shows the FTC is taking significant efforts to crack down on the online sales of Americans’ health data by companies not covered by the 1996 Health Insurance Portability and Accountability Act (HIPAA).

But as digital advertising trends evolve in a regulatory environment that allows digital platforms to work around stringent privacy protections, these efforts may prove insufficient. Regulations will have to target not just current sales of health data, but new advertising practices, such as digital retail media, that seek to monetize data coming from a variety of businesses, including drugstores and medical offices.

HIPAA was designed to protect the confidentiality of personally identifiable information from unauthorized breaches. But the law dates to a time when health information flowed mainly between a patient, a doctor, and the insurance company. The law therefore applies directly only to health care providers, health plans, and business associates such as billing and claim processing companies.

Social media platforms, credit report agencies, websites, and apps that deal with a variety of data for advertising purposes are not HIPAA-covered entities. Therefore, they “can legally collect, share and sell — can broker access to — Americans’ health data, from surgical histories to drug prescriptions,” Justin Sherman, senior fellow at Duke University's Sanford School of Public Policy, explained recently.

But when these non-HIPAA entities deal with personal health data, the FTC has authority to enforce its Health Breach Notification Rule, which requires certain personal health record vendors to notify consumers of a breach of their data. This explains why, for companies such as Better Help, FTC enforcement is focused on deceptiveness, unfairness, and the company’s failure to notify consumers of a data breach, and is not a privacy violation per se.

In this context, the rise of retail media, a trend where retailers sell advertising space on and off their physical and digital presence, may soon take the brokerage of health data to another frontier. Early adopters of retail media that handle health data, but who aren’t covered by HIPAA, include CVS and Walgreens. Both enable advertisers and suppliers to reach consumers with ads, on and off their own websites, when consumers are in a “shopping mood.” At drugstores, this means consumers are profiled for advertising based on their health-related purchases.

Everyone wants a piece of the retail media cake. Small medical practices also seem to be shifting their traditional, non-invasive advertising of pharma products to behavioral advertising, pushed by marketing agencies’ new practices. In a traditional marketing setup, whenever we were at a doctor’s office waiting room, we might find ad panels on the wall or brochures about some new medication. Alternatively, if we reached for a magazine at the center table, it would most likely have health-related ads.

Today, based on the promise of behavioral advertising to reach consumers at the “point of purchase,” marketing agencies are selling digital “point-of-care advertising” in primary care practices as well. As the marketing agency Doceree put it recently, soon, whenever we find ourselves in a medical waiting room, we will open our phones and get a pop-up to “remind us about a recommendation for a new medication.” And as the Cardinal Digital Marketing agency makes clear, whenever a doctor’s office advertises third-party products on email following a patient consultation, they may use “data-driven campaigns with content tailored to the patient’s medical service history.”

As explained by FTC Commissioners Alvaro Bedoya and Rebecca Slaughter in a statement regarding Amazon’s recent acquisition of primary care provider One Medical, even when health data is covered by HIPAA and its 1999 Privacy Rule, once data is “de-identified” – stripped of the information that could be used to link that data back to a specific person – it can be used not only for public-interest medical research, but for any purpose.

Considering the vast troves of data that retailers amass, combining de-identified medical records with health-related purchases may just be enough to generate highly intrusive and even dangerous ad-targeting insights. The longer these loopholes remain open, the more challenging it will be for Americans to take back control of their health data.

Open Markets and Partners Call on EU To Fairly Distribute Clean Energy Subsidies

Open Markets Institute, in collaboration with Balanced Economy Project and the European Digital SME Alliance, sent an open letter to the European Commission calling for fairness in the distribution of clean energy subsidies for firms on the continent, which come in response to provisions for U.S. firms in the Inflation Reduction Act. The letter urges the regulatory body to ensure large corporations don’t seize the lion’s share of the subsidies and that investment also benefit the small and medium-sized companies that produce the most innovative emerging green technologies. The letter sets out a number of recommendations for achieving this, including transparency and requirements linked to the EU’s social and economic objectives.

The letter reads, in part: “While many others, including national governments themselves, have rightly warned that a more permissive state aid framework risks disproportionately benefiting larger member states with greater fiscal firepower, we should be just as worried about the prospect of large and dominant companies capturing the majority of the funding, elbowing SMEs aside.” OMI’s Europe director Max von Thun appeared on BBC radio to discuss the joint letter, which also received coverage in Euractiv.

📝 WHAT WE'VE BEEN UP TO:

Open Markets Institute executive director Barry Lynn spoke at the Antitrust, Regulation, and the Political Economy conference in Brussels. Lynn spoke about how to use competition policy principles to structure a more stable, inclusive, and peaceful international industrial and trading system. Other speakers included EC Vice President Margrethe Vestager, Advocat General of the Court of Justice of the European Union Julianne Kokott, DOJ Antitrust Division chief Jonathan Kanter, CFPB Director Rohit Chopra, FTC Commissioner Rebecca Slaughter, Bundeskartellamt Director Andreas Mundt, Chief Executive of the UK Competition Markets Authority Sarah Cardell, Member of the European Parliament Stephanie Yon-Courtin, Member of the European Parliament Rene Repasi, Congressman Ken Buck (R-CO), former White House competition coordinator Tim Wu, and Financial Times columnist Rana Foroohar.
The Open Markets Institute released a statement decrying the Surface Transportation Board’s approval of the merger between Canadian Pacific and Kansas City Southern railroads. Policy director Phillip Longman said, “By bringing further concentration to an already highly monopolized industry, the STB makes a mockery of the idea that market forces alone can constrain the predatory behavior of the hedge funds that now control America’s vital rail infrastructure.” Longman’s statement was covered in The American Prospect.
Open Markets’ Barry Lynn released a statement on the Federal Trade Commission’s (FTC) decision to oppose Intercontinental Exchange’s (ICE) $13 billion takeover of mortgage data company Black Knight, saying, “Vertical integration between financial services companies and the information and data services sector that supplies trusted, independent information to inform trades undermines the stability of the marketplace and promotes unfair and dangerous concentration of power and control.”
Open Markets’ reporter Karina Montoya published an article in Tech Policy Press narrating Google’s rise in the digital advertising market over the last 15 years through the lens of three key acquisitions. “Three deals — the purchases of DoubleClick, Invite Media, and AdMeld — ‘set the stage’ for the tech giant to ‘control and manipulate’ the selling and buying of digital ads, says DOJ,” writes Montoya.
OMI’s Barry Lynn was quoted by NPR on how FTC chair Lina Khan’s aggressive approach toward Big Tech has already changed the way the sector operates. “Silicon Valley is a very different place than it was three years ago,” Lynn said. “We have these enforcement agencies who now say, 'We're coming at you. The business that you've been engaging in for the last 20 years, that's no longer feasible. We no longer regard that as legal.’”
Barry Lynn was also quoted in The New Republic on the unlikelihood that the Republican house majority would take up the mantle on reining in Big Tech by initiating any antitrust legislation. “It tells you what the Republican leadership of the House actually thinks about these things,” he said. “They’re in the pocket of Big Tech; they’re in the pocket of big corporations.”
Open Markets’ policy director Phillip Longman offered his thoughts to The American Prospect on last month’s train derailment in Ohio and how industry consolidation has exacerbated the obstacles to recovery. “By allowing massive consolidation in our railroads, we’ve exposed ourselves to worse service and safety while Wall Street investors siphon off greater profits,” said Longman. “Opposing this merger is an important start at bringing back competition and real investments that actually improve rail, not pull money out of it.”
OMI legal director Sandeep Vaheesan was interviewed by KALW Radio on how Amazon’s massive web of control extends beyond its corporate boundaries to employees who, while not directly on the giant’s payroll, are still in the corporation’s thrall through contracts and surveillance.
Open Markets Institute’s food systems program manager Claire Kelloway’s was quoted in Morning Ag Clips responding to the Department of Agriculture’s seed report promoting fair competition and innovation in seeds. “Dominant seed monopolists abuse intellectual property law to threaten new competitors and stifle seed innovation,” Kelloway said. “USDA’s latest report shines a light on these and other tactics that push out smaller, independent seed businesses. We’re encouraged that USDA will work with antitrust enforcers to ensure fair competition in such an essential sector and that the agency acknowledges the need to invest in public seed breeding infrastructure.”
OMI’s senior fellow Johnny Ryan dismissed concerns that that the Chinese video-sharing app TikTok would be banned in Ireland where it has a large presence in Independant.ie. “We do not minimise the TikTok issue, but virtually the entire web and most of mobile is leaking our intimate secrets to countless companies, including in China and Russia,” said Ryan, who is also a senior fellow at the Irish Council for Civil Liberties. “The scale is far bigger than TikTok.”
Barry Lynn’s 2020 book Liberty From All Masters was used as supporting evidence by a councilmember in Iowa in the Des Moines Register to show that corporations would sacrifice the basic rights of their citizens for profits: “As Barry Lynn writes in his book, Liberty From All Masters, Madison spoke of monopolies being ‘sacrifices of the many to the few.’ In 2023 in Iowa, that means sacrificing LGBTQ rights for corporate profits. It’s part of the reason why a society dominated by the immense power of corporate monopolies is so dangerous.”
OMI’s carbon markets report, released earlier this month with Friends of the Earth, received coverage in The Center Square. The report found that carbon payment programs promoted by Bayer, Cargill, Nutrien, and other giant corporations are largely ineffectual, and also promote further consolidation of control over individual farmers, who are required to use digital platforms controlled by the corporations.
The Financial Times cited Open Markets’ joint call alongside its European partners for an investigation into Amazon’s proposed acquisition of iRobot, quoting from the coalition’s submission made to the European Commission last month, “It will deepen Amazon’s retail and consumer data moats, bolster its vast ecosystem and market dominance, and cause harm to consumers and competition in ways that cannot necessarily be fully conceived of today.”

🔊 ANTI-MONOPOLY RISING:

The FTC is ramping up its investigation into Twitter’s privacy practices after the company was taken over by Elon Musk, who gutted the workforce, slashing headcount to under 2,000 from 7,500 in a span of less than six months. The agency, which is seeking testimony from Musk, is looking into whether Twitter has adequate resources to protect its users’ privacy after the mass layoffs and budget cuts. (New York Times)
The Department of Justice (DOJ) took legal action on Tuesday against the JetBlue-Spirit merger, stating that it would reduce competition and raise fares. If the $3.8 billion deal were to go through, JetBlue would become the nation’s fifth-largest carrier. (CNBC)
The Consumer Financial Protection Bureau (CFPB) called for public comments on data brokers in a sign that the agency is looking to regulate the industry, which the CFPB claims operates outside of public view. The agency is seeking to learn whether modern data surveillance practices have violated the Fair Credit Reporting Act. (Politico)
The DOJ scored an early win in its landmark case against Google for its monopoly over the digital advertising market after a federal judge rejected the tech giant’s request to change the venue of its lawsuit from Virginia to New York. The judge also indicated she would move quickly on the case, saying, “Put your running shoes on.” (Bloomberg)

We appreciate your readership. Please consider making a contribution to support the continued publication of this newsletter.

DONATE

📈 VITAL STAT:

$43 Billion

The amount Pfizer has agreed to pay for biotech Seagen Inc. and its targeted cancer drugs, which are poised to become one of the next big segments of the $375 global cancer drug market. (Wall Street Journal)

📚 WHAT WE'RE READING:

“Sellers’ Inflation, Profits and Conflict: Why can Large Firms Hike Prices in an Emergency?” (University of Massachusetts Amherst, Isabella M. Weber and Evan Wasner). The authors analyze how the COVID-19 inflation in the U.S. derives predominantly from the ability of firms in concentrated markets to hike prices, defying the conventional wisdom that inflation is macroeconomic in origin and must always be tackled with macroeconomic tightening.

“The Lie Behind Amazon’s HQ2 Sweepstakes Becomes Clear.” (The American Prospect, David Dayen). The author argues why Amazon's development of its second headquarters in Arlington, Virginia (put on indefinite pause since last week), was always an intelligence-gathering operation from virtually all cities across the U.S. in order to negotiate future tax breaks for smaller facilities.

🔎 TIPS? COMMENTS? SUGGESTIONS?

We would love to hear from you—just reply to this e-mail and drop us a line. Give us your feedback, alert us to competition policy news, or let us know your favorite story from this issue.

SUBSCRIBE TO OUR NEWSLETTER

DONATE