When health tech companies change their terms of service
February 13, 2020
Digital health technology companies, such as health-related apps and websites, handle unprecedented amounts of highly sensitive user data, including information about a person’s genetics, the timing and duration of her periods, her self-reported mental state, and the dates she sees a given health care provider. Although they collect these intimate data and provide users with health-related information, most digital health tech companies are not actually health care providers; thus, laws and regulations that typically govern the collection and use of health data often do not apply to these companies in the United States. Many of these companies reserve the right to unilaterally change their terms of service (ToS), often without users’ consent. Users have little legal recourse if they feel a company has violated their privacy or inappropriately shared their data through unilaterally amending the ToS. We explore how legislators could limit the ability of companies to change key aspects of their ToS unless consumers opt in to adopting the changes. These and similar legislative innovations could offer needed consumer protections in the context of digital health tech—and beyond.
Many types of companies collect, warehouse, and commercialize all kinds of data from consumers. However, in the context of digital health tech, consumers—many of whom don’t read the fine print—may assume that privacy safeguards are in place, on the basis of their previous experiences with health care and biomedical research. Despite the limited regulation of digital health tech relative to formal health care providers, users could rely on these services when making important decisions such as those related to mental health, genetic risk, or procreation. And some companies may cultivate that reliance, blurring the line between what is and isn’t health care. For example, Clue, a period-tracking app, promises its users “predictions you can trust” that are “based on the most up-to-date science” and that the company “collaborate[s] with scientists and universities to ensure continuous improvements” (1). Users may then reasonably believe they are receiving something on par with medical care, with all of its ensuing protections, despite disclaimers on the part of the companies that they are not health care providers.
ToS outline users’ rights and companies’ obligations regarding data collection and protections for privacy. When something goes wrong with a product, the company’s ToS govern the dispute. Generally, by purchasing and using the product, the consumer agrees to the company’s terms. Consumers might select one company over another based on its vow to secure their data, only to have that company change its policy unilaterally and share its users’ information in a way that is objectionable to the…