Privacy Matters @PrivacyMatters
I saw this Ad on the tube for Babylon Health GP app. So, I took a quick look. FIVE embedded trackers - Facebook Login, AppsFlyer, Mixpanel, Google Firebase, Google Crashlytics

Privacy policy here
"We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising).” …
"This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts”
Connecting via social media? hmm ambiguous statements. "You may choose to connect your existing accounts with other providers (such as a social media provider) to your account with us. This may, for example, make it easier to create an account with us"
"If you choose to [connect via social media], we will receive limited information about you from that provider, such as your email address, name, and other sign-up related details.” < too ambiguous. WHAT information precisely?
Big data & AI:

"Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services, and …"
“… our artificial intelligence system, so that we can deliver better healthcare to you and other Babylon users.”

And here is the social imperative. The #AI4Good argument "it is about improving our products, services and software so that we can deliver a better experience to you and other Babylon users, and help achieve our aim of making healthcare affordable and accessible to everyone"
more ambiguity

"We may obtain and use data about your precise location where you give your consent (through providing us access to your location), for example, to help direct you to the nearest pharmacy. We may also derive your approximate location from your IP address"
👆”for example” - well that’s one example. Precisely how often is location data obtained? In what contexts? For what purposes … these matters need to be clearly set out so you don't need to be a privacy expert to unravel
woah! This kind of app should NOT rely on legitimate interests in using personal data for marketing purposes .. it should be opt-in .. ethically.
again, more ambiguity. PRECISELY what data will be used and for WHAT legitimate interests. The “for example,” is not good enough in a healthcare app. Also, if relying on LI explain at that point the right to object .. BUT ...
BUT, one assumes the embedded trackers are used to meet this LI purpose .. those trackers are embedded PRIOR to download of the APP .. SO, this raises issues of data protection by design under the GDPR but also Art 5(3) of the ePrivacy Directive.
Hmm. More ambiguity. "We may share your personal data with members of our corporate group and our partners (such as the GP at Hand partnership, where you access our NHS service)” Who are these? No hyperlink to help folks make an informed decision.

Oh and …

Trustpilot reviews. One assumes Babylon Health shares people's email addresses with TrustPilot (as under the TP model they send emails asking for a review)
ooh and hmm. "We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our service” < is this aggregated or anonymous? They’re not the same thing.
Getting to end of the privacy policy & erm "If you use our NHS service (GP at hand), we will share your records with North West London Whole Systems Integrated Care, which provides other members of the scheme (such as, amongst others, NHS Trusts & the ambulance services)..” BUT
here’s the kicker "with access to your data to promote integrated care for you, and for research and statistical purposes. You may contact us at any time to opt out of this data sharing by completing and sending the form in the following link to us ..”

Shouldn't this be opt-in?
Let’s dive in. Hmm connect via Facebook .. and extremely ambiguous notice that IMHO does not meet the requirements of Art 12 and 13 of the GDPR
No mention of the embedded trackers & their purpose prior to download or expressly referenced in the privacy policy nor any mechanism to control such trackers.

At least the default for the use of data for ‘accessible’ healthcare was set to OFF. Marketing emails set to ON
So, does it mean that unless a person changes the ‘help make healthcare accessible’ default to ON, that Babylon Health will not use info to improve info and the #AI system?

Ambiguities abound.
👆 Does it also mean that data will NOT be shared with the WISC as described here?

Is the ‘accessible health care’ setting a consent mechanism that does not apply to WISC & other contexts based on legitimate interests?

TOO many ambiguities. Too many questions.
and this BBC Horizon programme… emphasises the need to dig deeper.

The programme also mentioned another App - Ada. THAT app has EIGHT trackers embedded - inc Google Ads and Doubleclick. Seems to me the @ICOnews needs to add to their thematic approach
@ICOnews The programme also looked at AI being used in Africa .. a region where not all countries have data protection laws and regulators etc .. Many times I think people see Africa as a data goldmine