No images? Click here Welcome to The Corner. In this issue, we explore how evolving digital advertising trends make it increasingly difficult for regulators to protect Americans’ health data. New Digital Ad Models Limit Reach of FTC’s Recent Action on Health Data Privacy The Federal Trade Commission (FTC) early in March fined the digital mental health platform Better Help $9 million for falsely telling users their health data wasn’t being used for targeted advertising. The company, which runs an app that matches users with mental health professionals, shared identifiable medical data with platforms like Facebook and Criteo, which then targeted users on social media and websites. Better Help made “millions of dollars” from such sales, the FTC said. The agency also banned Better Help from continuing this practice unless it obtained “affirmative express consent” from its users. For many experts, the action shows the FTC is taking significant efforts to crack down on the online sales of Americans’ health data by companies not covered by the 1996 Health Insurance Portability and Accountability Act (HIPAA). But as digital advertising trends evolve in a regulatory environment that allows digital platforms to work around stringent privacy protections, these efforts may prove insufficient. Regulations will have to target not just current sales of health data, but new advertising practices, such as digital retail media, that seek to monetize data coming from a variety of businesses, including drugstores and medical offices. HIPAA was designed to protect the confidentiality of personally identifiable information from unauthorized breaches. But the law dates to a time when health information flowed mainly between a patient, a doctor, and the insurance company. The law therefore applies directly only to health care providers, health plans, and business associates such as billing and claim processing companies. Social media platforms, credit report agencies, websites, and apps that deal with a variety of data for advertising purposes are not HIPAA-covered entities. Therefore, they “can legally collect, share and sell — can broker access to — Americans’ health data, from surgical histories to drug prescriptions,” Justin Sherman, senior fellow at Duke University's Sanford School of Public Policy, explained recently. But when these non-HIPAA entities deal with personal health data, the FTC has authority to enforce its Health Breach Notification Rule, which requires certain personal health record vendors to notify consumers of a breach of their data. This explains why, for companies such as Better Help, FTC enforcement is focused on deceptiveness, unfairness, and the company’s failure to notify consumers of a data breach, and is not a privacy violation per se. In this context, the rise of retail media, a trend where retailers sell advertising space on and off their physical and digital presence, may soon take the brokerage of health data to another frontier. Early adopters of retail media that handle health data, but who aren’t covered by HIPAA, include CVS and Walgreens. Both enable advertisers and suppliers to reach consumers with ads, on and off their own websites, when consumers are in a “shopping mood.” At drugstores, this means consumers are profiled for advertising based on their health-related purchases. Everyone wants a piece of the retail media cake. Small medical practices also seem to be shifting their traditional, non-invasive advertising of pharma products to behavioral advertising, pushed by marketing agencies’ new practices. In a traditional marketing setup, whenever we were at a doctor’s office waiting room, we might find ad panels on the wall or brochures about some new medication. Alternatively, if we reached for a magazine at the center table, it would most likely have health-related ads. Today, based on the promise of behavioral advertising to reach consumers at the “point of purchase,” marketing agencies are selling digital “point-of-care advertising” in primary care practices as well. As the marketing agency Doceree put it recently, soon, whenever we find ourselves in a medical waiting room, we will open our phones and get a pop-up to “remind us about a recommendation for a new medication.” And as the Cardinal Digital Marketing agency makes clear, whenever a doctor’s office advertises third-party products on email following a patient consultation, they may use “data-driven campaigns with content tailored to the patient’s medical service history.” As explained by FTC Commissioners Alvaro Bedoya and Rebecca Slaughter in a statement regarding Amazon’s recent acquisition of primary care provider One Medical, even when health data is covered by HIPAA and its 1999 Privacy Rule, once data is “de-identified” – stripped of the information that could be used to link that data back to a specific person – it can be used not only for public-interest medical research, but for any purpose. Considering the vast troves of data that retailers amass, combining de-identified medical records with health-related purchases may just be enough to generate highly intrusive and even dangerous ad-targeting insights. The longer these loopholes remain open, the more challenging it will be for Americans to take back control of their health data.
Open Markets Institute, in collaboration with Balanced Economy Project and the European Digital SME Alliance, sent an open letter to the European Commission calling for fairness in the distribution of clean energy subsidies for firms on the continent, which come in response to provisions for U.S. firms in the Inflation Reduction Act. The letter urges the regulatory body to ensure large corporations don’t seize the lion’s share of the subsidies and that investment also benefit the small and medium-sized companies that produce the most innovative emerging green technologies. The letter sets out a number of recommendations for achieving this, including transparency and requirements linked to the EU’s social and economic objectives. The letter reads, in part: “While many others, including national governments themselves, have rightly warned that a more permissive state aid framework risks disproportionately benefiting larger member states with greater fiscal firepower, we should be just as worried about the prospect of large and dominant companies capturing the majority of the funding, elbowing SMEs aside.” OMI’s Europe director Max von Thun appeared on BBC radio to discuss the joint letter, which also received coverage in Euractiv. 📝 WHAT WE'VE BEEN UP TO:
🔊 ANTI-MONOPOLY RISING:
We appreciate your readership. Please consider making a contribution to support the continued publication of this newsletter. 📈 VITAL STAT:$43 BillionThe amount Pfizer has agreed to pay for biotech Seagen Inc. and its targeted cancer drugs, which are poised to become one of the next big segments of the $375 global cancer drug market. (Wall Street Journal) 📚 WHAT WE'RE READING:“Sellers’ Inflation, Profits and Conflict: Why can Large Firms Hike Prices in an Emergency?” (University of Massachusetts Amherst, Isabella M. Weber and Evan Wasner). The authors analyze how the COVID-19 inflation in the U.S. derives predominantly from the ability of firms in concentrated markets to hike prices, defying the conventional wisdom that inflation is macroeconomic in origin and must always be tackled with macroeconomic tightening. “The Lie Behind Amazon’s HQ2 Sweepstakes Becomes Clear.” (The American Prospect, David Dayen). The author argues why Amazon's development of its second headquarters in Arlington, Virginia (put on indefinite pause since last week), was always an intelligence-gathering operation from virtually all cities across the U.S. in order to negotiate future tax breaks for smaller facilities. 🔎 TIPS? COMMENTS? SUGGESTIONS? We would love to hear from you—just reply to this e-mail and drop us a line. Give us your feedback, alert us to competition policy news, or let us know your favorite story from this issue. |