Much is being written and blogged these days about Google Health, and as a general advocate of what I call "PHR2.0" (PHR: Personal Health Record) I am generally excited about these developments.
I am also chronically annoyed by the privacy zealots who sometimes seem to want to protect consumers from their own choices ("I think we've all consented to things online we haven't meant to simply by failing to check or uncheck a box," (Archived by WebCite®) - OK, but this shouldn't be a valid argument to protect consumers from having access to or entering health data in the first place).
Matthew Holt also doesn't see any privacy problems whatsoever (Archived by WebCite®), which is perhaps also a bit simplistic.
I see one particular privacy threat which I haven't seen discussed anywhere. The privacy threat is created whenever a personal health record (or any other sort of dynamic, private information) is combined with Google Ads, because Google Ads are created by third parties, and Google Ads are keyword/context triggered. Any combination of Google Ads with any sort of personal health information spells a privacy disaster.
Why? Imagine I am a bad guy who wants to compile a database of people with the condition "Amyotrophic Lateral Sclerosis". It is now a matter of five minutes to set up an ad at Google AdWords which is triggered by the keyword "Amyotrophic Lateral Sclerosis". Google AdWords also lets me define a target site, so I could define health.google.com or any other online PHR site such as myPHRsite.com as the sole target site where the ad (context-triggered) should appear. Now, whenever a user on that site reviews his personal health record with integrated Google Ads, my ad would be triggered only if the term "Amyotrophic Lateral Sclerosis" shows up in his record. The consumer of course does not know this, and if the ad is something innocuous such as "Click here to receive a free gift basket" he might click on the ad and - bingo - all I (as the bad guy) have to do is to link to a questionnaire pretending to send a gift to the consumer, asking for his/her personal information - name, address etc. Thus, I have a list of people who have the keyword "Amyotrophic Lateral Sclerosis" showing up in their Personal Health Record.
Yes, it is that simple.
Now, Google has said that Google Health will actually not have any ads (Archived by WebCite®). However, is this also true for other online PHR vendors?
The bottom line is that Google (as well as any other online PHR vendor) will never be able to put any Google Ads on any sort of online PHR, at least not without giving up the keyword/context sensitivity of the ads, which is the backbone of the Google business model. Whenever you see an online PHR with Google Ads (or any other contextual ads) - run! (and send me an email).
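A check a PHR operator or reviewer could run over the HTML of an authenticated record page to confirm that no contextual ad code is embedded next to record content. This is an added example, not code from the original post; the domain list is an assumed, non-exhaustive set of ad-serving hosts and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a short, non-exhaustive list of ad-serving domains; extend it for
# whichever ad networks matter in your review.
AD_HOSTS = ("googlesyndication.com", "doubleclick.net", "googleadservices.com")

class _EmbedCollector(HTMLParser):
    """Collect the src URLs of scripts, iframes and images on the page."""
    def __init__(self):
        super().__init__()
        self.embeds = []  # list of (tag, url)

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "img"):
            src = dict(attrs).get("src")
            if src:
                self.embeds.append((tag, src))

def _host(url):
    # Scheme-relative URLs ("//host/path") still yield a hostname here;
    # same-site relative paths yield an empty string.
    return (urlparse(url).hostname or "").lower()

def find_ad_embeds(html, ad_hosts=AD_HOSTS):
    """Return (tag, url) pairs whose host is an ad host or a subdomain of one."""
    collector = _EmbedCollector()
    collector.feed(html)
    hits = []
    for tag, url in collector.embeds:
        host = _host(url)
        if any(host == d or host.endswith("." + d) for d in ad_hosts):
            hits.append((tag, url))
    return hits

# Constructed sample: a record page on the post's placeholder site myPHRsite.com.
SAMPLE_PHR_PAGE = """
<html><body>
<h1>My health record</h1>
<ul><li>Diagnosis: Amyotrophic Lateral Sclerosis</li></ul>
<script src="/static/app.js"></script>
<script src="//pagead2.googlesyndication.com/pagead/show_ads.js"></script>
<img src="https://notgooglesyndication.com.example/pixel.gif">
</body></html>
"""

if __name__ == "__main__":
    for tag, url in find_ad_embeds(SAMPLE_PHR_PAGE):
        print(f"contextual ad embed on record page: <{tag}> {url}")
```

Any hit on a page that renders record content means the ad network's code runs beside the patient's data, which is the precondition for the keyword-triggered scenario above.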
Please cite as: Eysenbach, Gunther. Online PHR + Google AdWords/AdSense = A Privacy Disaster. Gunther Eysenbach Random Research Rants Blog. 2008-03-08. URL:http://gunther-eysenbach.blogspot.com/2008/03/google-health-google-adwordsadsense.html. Accessed: 2008-03-08. (Archived by WebCite® at http://www.webcitation.org/5WB7C9LS5)
Saturday, March 8, 2008
3 comments:
I totally agree with you. I had not thought of that mechanism, but it is a real threat.
The first time I designed keyose, I considered contextual advertising as an idea to explore.
With time I started to have my doubts, but after reading your post it has become clear to me. Online PHR + contextual advertising are not compatible.
Playing devil's advocate...
If ads were screened, contextual ads could be great. I actually see this as a potentially good startup.
Think for a second about an ad network for drug companies that screened every advertiser and ad displayed (very thoroughly). Being able to display the correct drug/drug company based on context in a PHR is big business. Of course Google AdWords/AdSense wouldn't fit the bill, but there is definitely a market.
I do see a challenge in security, but I think there is a technical solution for that. I don't know that we should give up on contextual ads completely, but there will need to be a few safeguards.
The scenario you mention is plausible and I'm sure it is not limited to PHR use. Contextual ads are served on Gmail, for example. If someone wants to compile a list of individuals with a particular health condition they could advertise on Gmail looking for users who write about their condition in their private emails.
I think the onus is on Google to hand-check these types of ads - which I think they may already be doing.
If an advertiser chooses a medical keyword, their ad should be inspected to make sure it is relevant.
Google already implements a 'quality-score' to make sure landing pages are relevant to the adverts; this could be tweaked to include phishing scams such as the one you mentioned. I'm not sure if the quality score includes the selected keywords as well as the text of the ad, but it certainly should.
Mozilla have a nice funding model where they get revenue from ads served after a user has entered a term in the Google search box in the Firefox browser. This means that Firefox is an ad-supported service without directly showing ads.
This is the same model that Google is proposing for Google Health.
Other PHR and online EMR providers could use this model of indirect advertising as well. Google AdSense offers this as standard.
The next step up from contextual advertising is click-stream advertising, where a user's browsing activity is monitored by ISPs and relevant ads are served based on their browsing history.
Imagine that you have been thinking of buying a new car for the past month and browsed eBay and various car review sites. The ISP is monitoring your browsing (removing any identifiable information - they say) and using the information to place more and more targeted ads for the car their advertiser would like you to buy. Eventually, every ad you see on every website you visit contains information about this particular car.
This type of advertising has already been tested (possibly illegally) in the UK.
http://en.wikipedia.org/wiki/Phorm
Overall, I think the advertising supported model is probably a good thing for open source projects like Mozilla and free services like Google Health. For one thing, it will enable rapid growth of new and innovative services. Advertising companies will need to be held to account for the type of ads they serve, but with the profits these companies are making, I think they can probably afford to keep a close eye on health ads.