The End of Your Children's Privacy

The last nail in the coffin of privacy was recently hammered by an FDA approved medical device. Kinsa, the makers of several smartphone enabled thermometers, recently announced in the New York Times that their fever data is for sale and currently in use by Clorox for targeting ad campaigns (invoking the ire of many concerned citizens in the comments section of that article, and by journalists on Twitter). Kinsa's CEO has defended the move in his LinkedIn blog, but glosses over the fact that the data being collected by Kinsa are mostly from school children.

As adults, we expect that much of the data we generate online is sold for advertising, marketing, and merchandising purposes, but children's data is the last bastion of true privacy -- a line reinforced by Federal COPPA regulations and my wife (please, no photos of the kids online Graham!). Any fan of HBO's 'Silicon Valley' will recall the COPPA episode when the founders of Pied Piper realized that a third of their users were under the age of 13:

In that 'Silicon Valley' episode, the founders had unwittingly fallen into those circumstances, but it's an entirely different circumstance when you are proactively "giving" IoT (Internet-of-Things) medical devices, complete with licensed Sesame Street characters, to children in elementary schools (as shown in the photo at the top of this article), for the purpose of selling their data - aggregated, anonymized or otherwise.

This invokes comparisons to Joe Camel and Big Tobacco's infamous marketing strategy to target kids: "Realistically, if our company is to survive and prosper, over the long term, we must get our share of the youth market." —1973 R.J. Reynolds document. To be sure, Kinsa is not selling cigarettes to kids, but they are egregiously marketing a medical device and app to kids, their schools, and their parents in order to sell insights derived from their health data.

Why is this problematic to privacy? In order to protect the privacy interests of consumers, data companies will remove personal identifiers, such as name and SSN, from databases containing sensitive information. These anonymized or de-identified data safeguards the privacy of consumers while still providing useful information to marketers. However, there's a very bad word in the world of consumer marketing called "re-identification." Re-identification is the process by which anonymized personal data is matched with its true owner. It's a huge concern for anyone working with those kind of data. Generally speaking, if the data can't be re-identified, then it is safe to use.

However, in recent years it has been revealed that "anonymized" data can often be re-identified. It is such a growing concern that Ann Cavoukian, Ontario's Privacy Commissioner, recently stepped down amid her own concerns that the smart city initiatives in Toronto, being led by Sidewalk Labs (an Alphabet company), were vulnerable to this practice. Cavoukian understood that the data being collected could, even in an edge case, be re-identified by those seeking to invade others' privacy.

A case could be easily made that the data Kinsa is collecting could be re-identified given the way in which their thermometers are distributed to schools via their FLUency Program with each new school generating a press release from Kinsa's marketing team. The schools where Kinsa has given away most of their 500,000 thermometers are likely the only schools in their respective zip codes. An interested party could then cross reference those zip code data with what is known to marketers as MAID (Mobile Advertising ID) data via another data seller to infer "interest" data for those parents and families -- where they shop, and where their children likely go to school. And now your child's fever recorded by Kinsa is not only triggering flu remedy ads to you directly by an unrelated 3rd party, but could be used to re-identify you and the household associated with your MAID.

Just ask the measurement company, Nielsen. They protect their clients' sales data by omitting POS (point-of-sale) trends for geographies where a single store location could be inferred. For example, if I purchase Nielsen's POS data for all cold and allergy remedies at a specific geographic level, and if there is only one pharmacy or grocery store in that entire geography, then I know how many sales that single store saw for their various point-of-sale data that I've purchased. Nielsen understands that risk to their client's privacy, and omits data whenever those stores can be re-identified.

Sickweather was founded on the premise that public information could be distilled into meaningful trends without violating anyone's privacy, and giving those trends back to the public as a rare win-win in the world of big data. We understand this market very well, and yes we also sell illness data as trends (which we call SickScore). We even support the Kinsa smart ear thermometers within our app and have also partnered with Clorox to help with their PR and marketing strategy during past flu seasons. However, there are many significant differences in how we handle and aggregate various data sources, and perhaps most importantly how we are perceived by consumers when it comes to setting appropriate privacy expectations.

Whether you've purchased a thermometer for $20-40 from the pharmacy, or received a thermometer for free from your children's school, you expect that your data isn't the product -- instead that the product or service itself is the product. You expect that your hard-earned money used to pay for the thermometer or tuition, or the endorsement of your children's school or PTA, is the collateral for your retained privacy. This is a very important distinction.

When you download a free app that promotes itself as the 'Waze for sickness' like Sickweather does, then you expect the data is by default open and public. Sure, our Privacy Policy, DMCA and GDPR terms are easily accessible and easy to understand, but more importantly we offer you the tools to report data privately, publicly, or to have the data removed entirely. And you can plainly see how those reports contribute to a public map of illness and our SickScore. Meanwhile, the smart thermometer data that we collect from paired Kinsa, Swaive and Philips thermometers are not included in the public maps or sold to 3rd parties, and are only provided as a convenience to our users. I dare say, your Kinsa temperature data is more secure when paired with the Sickweather app than it is with the Kinsa app. With that said, we will evaluate whether we want to continue promoting the Kinsa thermometer within Sickweather given these recent revelations.

But Kinsa and other IoT companies aren't entirely to blame for this erosion of our privacy. The VCs (venture capitalists) that apply the pressure for data monetization of hardware devices, and the customers who demand access to medical data as the only true measurement of population health, are also stakeholders in your privacy.

As they say, "hardware is hard" -- the lament of IoT and hardware device startups everywhere. Some of the VCs that invest in these companies put an immense amount of pressure on them to generate revenue, especially once they are well into their Series B and further "growth" rounds. It's not enough to sell a hardware device with a good profit margin because it takes too long to gain enough market penetration to be profitable -- you have to have a big data monetization strategy to go along with it. Kinsa makes great thermometers. In fact, I have one myself. But that's likely not enough for their investors, and so they are pushed into situations where they need to make tough decisions about their user data. And then there are the data customers.

There is a misconception by some healthcare and consumer health companies that the only health data worth buying is clinical or diagnostic data. We come up against this objection in our own enterprise sales efforts, and it contradicts the 'wisdom of the crowd.' It's not good enough for you the consumer to publicly broadcast your fever or flu to the world via social media, no, they want proof of your illness from your medical devices, healthcare records or doctors because they don't trust you to diagnose yourself correctly.

In fact, anecdotal data voluntarily made public by the user in aggregate with other reports has been proven to have very strong correlations to clinical and laboratory data. Even more-so than clinical data, anecdotal data often represents the true shopper intent for the brands marketing to them since you don't have to be diagnosed by a device or doctor to feel miserable and purchase a flu remedy at the pharmacy. The data buyers that forgive a 1-10% discrepancy of clinical accuracy will benefit from those valuable insights without the cost of, or violation to, our privacy.

Unfortunately, that line has now been crossed, and there may be no going back without the help of enforced Federal regulations on medical devices -- maybe a warning label that says "This Device Monetizes Your Data." And perhaps COPPA can play a role in helping to push back against this land-grab campaign of children's privacy that is Kinsa's FLUency Program, but I think the investors and buyers of data also need to start rethinking their demands on these companies, and ultimately on our collective privacy.

Alternatives in measuring population health are available from companies like Sickweather, just as alternatives to thermometers not interested in selling your data are available on pharmacy shelves. Empowering an enlightened customer may ultimately prove to be the best way forward in rebuilding our privacy from these remains -- like rebuilding a new Fantasia from the last grain of sand in 'The Neverending Story' after it was consumed by The Nothing.

There are plenty of examples where the currency of our privacy can be exchanged for valuable services. For example, at the Shiru Cafe where students exchange bits of their data for cups of coffee. Social media itself is an experiment in that exchange of privacy. As long as data companies provide and respect transparency without disguising themselves otherwise, and without marketing themselves to kids, then there can be a future where privacy is back in the hands of responsible consumers as a currency that they can choose to spend, or not. Privacy is dead, long live privacy.