Project Baseline, a pilot site set up by Google parent company Alphabet to give people access to COVID-19 testing sites, is seemingly collecting patient information and selling it for profit, according to new allegations.
Google’s Project Baseline coronavirus screening website appears to be one huge data mining operation to collect your health information for commercial purposes. It does not appear to follow HIPAA privacy laws. No wonder Trump was pushing this so hard. This is dystopian. pic.twitter.com/qPafFsd5BZ
— Eugene Gu, MD (@eugenegu) March 16, 2020
The site is run by Verily, an Alphabet subsidiary and sister site to Google. The testing is currently open only to people in Northern California, and was already fully booked by Tuesday morning, according to the New York Post.
But it also seems that any data a person seeking a test submits to the site could be shared with “biopharma companies and medical device companies” for commercial purposes. Verily says it does not abide by HIPAA privacy regulations in its Terms of Service. HIPAA, or the Health Insurance Portability and Accountability Act, protects patient privacy in the U.S. Project Baseline’s FAQ, however, says the site itself will abide by it.
The website also requires use of a Google account or creation of a Google email address in order to sign up for a test.
“The coronavirus pandemic is a time of emergency where we all must make sacrifices to help one another,” Wu wrote on Twitter. “Huge corporations using this moment as an opportunity to collect all of our health data for profit is unconscionable. Getting taxpayer money from Trump to do this is even worse.”
“We’re disappointed, but not altogether surprised Google is finding a way to leverage a global health crisis to mine valuable user data,” said Jo O’Reilly, Digital Privacy Advocate at the U.K.-based ProPrivacy, in a statement to Digital Trends. “In times of uncertainty, it can be easy for data privacy to fall by the wayside, but medical data is the most private, and valuable, personal information there is, and this is simply not good enough from Google.”
Google and Verily have not yet responded to requests for comment, but we will update this story when we hear back.
- Twitter expecting FTC fine of up to $250M for alleged privacy violations
- Google pledges not to use Fitbit data for ads to ward off EU antitrust probe
- Federal bill would ban corporate facial recognition without consent
- Class-action lawsuit alleges TikTok steals data from minors
- Seven VPN apps accused of exposing more than a terabyte of private data