Your Personal Health Data is Being Exploited: Here’s How New York Can Protect It.
In a recent Congressional hearing, Robert F. Kennedy Jr., President Trump’s Health Secretary, testified that he is planning to “Make America Healthy Again” by slapping fitness bands on every American. This is obviously a non-serious solution to the health issues most Americans face. But it also presents another problem – the health data collected by those bands can be sold to advertisers or social media giants without a person’s consent since it is not protected by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).
This is far from the first time this administration has played fast and loose with private health information. Earlier this year, President Trump gave the world’s richest man and his team of teenage hackers unfettered access to people’s most sensitive data. It’s clear that more must be done at the state level to shield Americans’ personal information from the prying eyes of the Federal government and big corporations.
We have a plan to fight back. Together, we introduced and passed legislation in the New York State Assembly and Senate to prevent New Yorkers’ commercial health data from being exploited and sold to the highest bidder without their consent. It now awaits Governor Hochul’s signature.
In a country and world that relishes the newest technology and prides itself on constantly being online, someone’s whereabouts and preferences are easily accessible to unwelcome third parties. Social media apps and websites continually mine and harvest New Yorkers’ data, whether it be their location, items they purchased, their google searches, their call logs or other personal information, so they can eventually sell access to those personal tidbits. We’re here to confirm that your mind is not playing tricks on you –the global big data market is worth billions of dollars, so it’s not surprising that one receives an ad within 20 seconds of googling or buying a pair of jeans or shoes.
However, frighteningly enough, that same revenue-generating model also extends to the digital health apps that live on your phone or computer. The apps or websites that people habitually open throughout the day to track their period or pregnancy, the number of steps they’ve taken, their glucose levels, blood pressure, mental health struggles or REM cycle, etc. are generally not protected by HIPAA. However, our constituents and most New Yorkers, have no idea that the sensitive information they’re constantly feeding their most trusted health app is often being sold to faceless third parties, or to powerful tech CEOs who have ringside seats in creating and influencing our country’s most important policies.
Our bill, which is awaiting the Governor’s signature, would help level the privacy playing field by requiring companies to disclose their methods of de-identifying personal information, place special safeguards around data sharing, as well as allow consumers to opt out of data collection entirely. California, Colorado, Connecticut, Utah and Virginia all have similar laws, and Elizabeth Warren recently introduced a comparable measure at the federal level. Some social media companies are even beginning to place their own restrictions on the data they share, however, we need strong laws at the state level to fully insulate New Yorkers from these deceptive marketing tactics.
There’s absolutely no reason for why RKF Jr., Elon Musk, or anyone else for that matter should know when someone last menstruated, bought Plan B, searched for gender-affirming care options or reached their 10,000-step goal. Not only is it highly invasive, but it’s not too difficult to imagine a world where that sensitive health information is eventually weaponized against us. In the absence of Federal regulations to protect data privacy, it is crucial that states afford these protections.
Data experts have long feared that the capitalistic game of selling people’s personal data, including unregulated healthcare information, could have dire consequences.
Donald Trump is working overtime to erase the existence of transgender people and decimate access to gender-affirming care. Project 2025, a policy blueprint co-written by Donald Trump’s White House Budget director, promises to attack abortion rights by rolling back FDA approval for mifepristone, enforcing the Comstock Act and building an abortion database. Hostile statehouses are trying to extradite abortion providers from New York, while also trying to prevent the many women who live within their borders from crossing state lines to access reproductive care.
There is no doubt about it – the federal government is making it increasingly difficult for vulnerable people to access healthcare. However, our bill is an antidote to those efforts. By protecting sensitive data, search, location and payment histories, we will be able to protect the civil rights and freedoms of all New Yorkers, while also providing extra protections to those traveling to the Empire State for medical care.
As Maya Angelou once said, “when someone shows you who they are, believe them the first time.” Much is at stake, and this is no longer a drill. We must remain vigilant; however, truly doing so requires us to urgently think of the worst case scenario and legislate accordingly. Our bill does just that. We urge Governor Hochul to sign the bill now and give New Yorkers these critical protections.
Assemblymember Linda Rosenthal represents New York’s 67th District.
Senator Liz Krueger represents New York’s 28th District.
