tion online comes in the form of self-regulation by the parties that stand to
benefit the most from capturing user
data: online advertisers.
However, self-regulation has proven
wholly insufficient. No lesser authority
than the FTC determined that “
industry efforts to address privacy through
self-regulation have been too slow, and
up to now have failed to provide adequate and meaningful protection.” 33
When self-regulations are present,
there are no serious sanctions for violating the rules that advertisers draw
up among themselves. Nevertheless,
the Network Advertising Initiative (NAI)
has produced a Code of Conduct that
requires opt-in consent for advertisers
to use precise information about health
conditions such as cancer and mental-health. 22 Yet the same policy also states
that “member companies may seek to
target users on the basis of such general health categories as headaches.” 22
Given the range of ailments between
cancer and a headache is incredibly
broad, this directive provides virtually
no oversight. Likewise, the Digital Advertising Alliance (DAA) provides rules
that also appear to protect health information, but legal scholars have determined that “an Internet user searching
for information about or discussing a
specific medical condition may still be
tracked under the DAA’s principles.” 12
Potential interventions. Although
this problem is complex, it is not intractable and there are several ways
health privacy risks may be mitigated.
First, there is no reason for non-profits, educational institutions, or gov-ernment-operated sites to be leaking
sensitive user information to commercial parties. While advertising revenue
keeps commercial sites running, non-profits gain support from donors and
grants. Fixing this situation could be as
simple as an internal policy directive
on a per-institution basis, or as expansive as adopting language that would
deny funding to institutions that leak
As for commercial-oriented sites, it
is true they rely on ad-tracking revenue.
However, regulatory and legislative
bodies have the authority to draft and
implement policies that would require
a mandatory limitation on how long
information from health-related web-
sites could be retained and how it could
be used. Such policy initiatives could
have significant impact, and would re-
flect the preferences of the public.
Finally, talented engineers may devote a portion of the time they spend
analyzing data to developing intelligent filters to keep sensitive data quarantined. The spark of change could be
the result of a single engineer’s 20%
time project. If the mad rush to ingest ever more data is tempered with
a disciplined approach to filtering out
potentially sensitive data, businesses
and users may both benefit equally.
Proving privacy harms is always a difficult task. However, this study has
demonstrated that data on health information seeking is being collected
by an array of entities that are not subject to regulation or oversight. Health
information may be inadvertently
misused by some companies, sold by
others, or even stolen by criminals. By
recognizing that health information
deserves to be treated with special
care, we may mitigate what harm may
already be occurring and proactively
avoid future problems.
Acknowledgments. The author
thanks the anonymous reviewers for
wise revisions. Thanks to A. Blanford,
M. Delli Carpini, S. González-Bailón, J.
Goodwin, B. Hoffman, B. Kroeger, D.
Liebermann, N. Maruyama, T. Patel,
V. Pickard, J. Poinsett, J. Rosen and J.
Smith for their invaluable feedback.
1. Acar, G. et al. Fpdetective: Dusting the Web for
fingerprinters. In Proceedings of the 2013 ACM
SIGSAC Conference on Computer & Communications
Security. ACM, 1129–1140.
2. Ackerman, M.S., Cranor, L. F. and Reagle, J. Privacy in
e-commerce: examining user scenarios and privacy
preferences. In Proceedings of the 1st ACM Conference
on Electronic Commerce. ACM, 1999, 1–8.
3. Ayenson, M., Wambach, D., Soltani, A., Good, N. and
Hoofnagle, C. Flash cookies and privacy ii: Now with
HTML5 and etag respawning. Available at SSRN
4. Castellucia, C., Grumbach, S. Olejnik, L. et al. Data
harvesting 2.0: From the visible to the Invisible Web.
In Proceedings of the 12th Workshop on the Economics
of Information Security, 2013.
5. Duhigg, C. How companies learn your secrets. New
York Times, (2012), 2012.
6. Dwoskin, E.D.E. Data broker removes rape-victims list
after journal inquiry. Wall Street Journal, 2013.
7. Eckersley, P. How unique is your Web browser? Privacy
Enhancing Technologies. Springer, 2010, 1–18.
8. Fielding, R. et al. Hypertext transfer protocol (1999),
9. Fox, S. and Duggan, M. Health online 2013. Pew
Internet and American Life Project.
10. Grimes-Gruczka, T., Gratzer, C. and Dialogue, C. Ethics:
Survey of Consumer Attitudes about Health Web
Sites. California HealthCare Foundation, 2000.
11. Himmelstein, D. U., Thorne, D., Warren, E. and
Woolhandler, S. Medical bankruptcy in the United
States, 2007: Results of a national study. Amer. J.
Med. 122, 8 (2009), 741–746.
12. Hoofnagle, C., Urban,J. and Li, S. Privacy and modern
advertising: Most us Internet users want’do not
track’to stop collection of data about their online
activities. In Proceedings of the Amsterdam Privacy
13. Jackson, C., Bortz, A., Boneh, D. and Mitchell, J.C.
Protecting browser state from Web privacy attacks. In
Proceedings of the 15th International Conference on
World Wide Web. ACM, 2006, 737–744.
14. Jang, D., Jhala, R., Lerner, S. and Shacham, H. An
empirical study of privacy-violating information
of the 17th ACM conference on Computer and
Communications Security. ACM, 2010, 270–283.
15. Krebs, B. Sources: Target investigating data breach
16. Krishnamurthy, B., Naryshkin, K. and Wills, C. Privacy
leakage vs. protection measures: The growing
disconnect. In Proceedings of the Web 2.0 Security
and Privacy Workshop, 2011.
17. Krishnamurthy, B. and Wills, C. Privacy diffusion on
the Web: A longitudinal perspective. In Proceedings of
the 18th International Conference on World Wide Web.
ACM, 2009, 541–550.
18. Krishnamurthy, B. and Wills, C.E. Generating a
privacy footprint on the Internet. In Proceedings
of the 6th ACM SIGCOMM Conference on Internet
Measurement. ACM, 2006, 65–70.
19. Mayer, J.R. and Mitchell, J.C. Third-party Web tracking:
Policy and technology. In Proceedings of the 2012 IEEE
Symposium on Security and Privacy. IEEE, 413–427.
20. Miller, B., Huang, L., Joseph, A. and Tygar, J. I know
why you went to the clinic: Risks and realization of https
traffic analysis. arXiv preprint arXiv:1403.0297, 2014.
21. National Institutes of Health, History of Medicine
Division. Greek medicine (2002); http://www.nlm.nih.
22. Network Advertising Initiative. NAI code of conduct, 201.
23. Nikiforakis, N. et al. Cookieless monster: Exploring
the ecosystem of Web-based device fingerprinting. In
Proceedings of the IEEE Symposium on Security and
24. PhantomJS. PhantomJS is a headless Webkit
25. Roesner, F., Kohno, T., and Wetherall, D. Detecting and
defending against third-party tracking on the Web.
In Proceedings of the 9th USENIX Conference on
Networked Systems Design and Implementation.
USENIX Association, 2012, 12.
26. Staff of Chairman Rockefeller. A review of the data
broker industry: Collection, use, and sale of consumer
data for marketing purposes. U. S. Senate, 2013.
27. Sweeney, L. Discrimination in online ad delivery.
Commun. ACM 56, 5 (May 2013), 44–54.
28. Turow, J. The Daily You: How the New Advertising
Industry is Defining Your Identity and Your Worth. Yale
University Press, 2012.
29. Turow, J. and Center, A.P. P. Americans & online
privacy: The system is broken. Annenberg Public
Policy Center, University of Pennsylvania, 2003.
30. Turow, J. King, J., Hoofnagle, C.J., Bleakley, A. and
Hennessy, M. Americans reject tailored advertising
and three activities that enable it. Available at SSRN
31. United States. Health Insurance Portability and
Accountability Act of 1996. Public Law, 1996, 104–191.
32. U. S. Federal Trade Commission. Complying with the
FTC’s health breach notification rule, 2010; http://
33. U. S. Federal Trade Commission. Protecting consumer
privacy in an era of rapid change preliminary staff
report, 2010; http://www.ftc.gov/sites/default/_les/
34. Yen, T.-F., Xie, Y., Yu, F., Yu, R. P. and Abadi, M. Host
fingerprinting and tracking on the Web: Privacy and
security implications. In Proceedings of NDSS, 2012.
Timothy Libert ( firstname.lastname@example.org) is a doctoral
student in the Annenberg School for Communication at
the University of Pennsylvania, Philadelphia, PA.
Copyright held by author.
Publication rights licensed to ACM. $15.00.