Privacy

Which details do we give to tech companies about our cardiovascular systems?

Emma McGowan, 16 March 2021

Many tech companies are part of a bigger “cardiovascular system” that is the internet

I grew up in the early years of the internet and got excited about whatever the next big thing was. Online journaling? Awesome! AOL Instant Messenger? Cool! Facebook? Sign me up! But, like so many people my age, I cared more about not revealing my full name online or like, clicking on a weird popup than I did about “data” or “privacy.” There was no way I, as a young person with no behind the scenes tech knowledge, could have predicted the ways the internet would evolve — and all of the pieces of myself I’d be giving up in the process.

In the US, we think of data as a product; something to be bought and sold and traded for a profit or benefit. But in Europe, data is thought of as a fundamental part of our humanity; like little pieces of our personality floating out in the digisphere. As such, it needs to be protected just like all of the other personal bits of ourselves that we keep from public consumption.

When I picture the ways that my data has left my possession, I see a drawing of the human body, with pixels floating away into the ether. Which brings it all back — to the body. To my body. And that’s why I’m excited for this next iteration of What Does the Internet Know About Me? Rather than focus on individual apps, as I’ve done so far, I want to focus on my body. And, more specifically, on my bodily systems.

To start it off, I’m going to take a look at what the internet knows about my cardiovascular system. So, first things first: Google “What is the cardiovascular system?”

The cardiovascular system — which is also called the circulatory system — is the system that carries blood throughout our bodies. Blood transports nutrients and oxygen to the places they need to go and also removes carbon dioxide and other wastes. It also includes the lymphatic system, which moves lymph throughout the body. And when we’re talking organs, the cardiovascular system includes the heart, lungs, brain, kidneys, and all of the veins/arteries/capillaries that are essentially the highways everything is moving around on. 

So that’s the body part. Now let’s talk about the tech part, starting with what I think are best referred to as the “quantified self apps,” Fitbit and MyFitnessPal. These are the privately owned health and fitness companies that I’ve signed up for, paid money to, and that I use daily to track my activity and food intake.

Both apps know my height and weight, which could be used to calculate body mass index (BMI). While I personally don’t think BMI is a good measure of health, it is one that many doctors use. For example, people with a BMI over a certain limit are classified as “medically obese,” which opens them up to a lot of issues with health care. Therefore, my BMI could theoretically be used “against” me if, say, that information fell into the hands of a health insurance company and that insurance company decided it meant something specific about my cardiovascular system.

Similarly, Fitbit also knows my heart rate (including resting heart rate, what it is at any moment, and trends over time), which is a good indicator of heart health. That information could also theoretically be used in combination with the data my Fitbit tracks about my exercise (what I do, when I do it, how much I do it, what I do the most) to figure out if I’m engaging in less healthy activities.

And MyFitnessPal adds a third layer to the “what is Emma doing to her cardiovascular system” cake. Because — speaking of cake — MyFitnessPal knows when I eat it. As well as everything else I eat and drink, as long as I fill out that little food diary every day. 

So we have my heart rate, exercise, and food consumption — all online. I’d say that gives a pretty complete look at my cardiovascular system as it is right now. But it doesn’t end there. I have two more services to look at that potentially could predict the future of my heart health.

One: MyHeritageDNA. As I outlined in my examination of MyHeritage, there’s an option to get tested for diseases that I’m genetically predisposed to. And while, on one hand, that sounds like really important and interesting information to have about oneself, on the other hand it potentially opens me up to stuff like higher insurance premiums. Yikes! Not into it. 

But if I did choose to get that test, then the internet would know if I was predisposed to type 2 diabetes and heart disease. (Spoiler: I am predisposed to one and not the other. Guess the internet knows that about me now too!) 

Finally, I use One Medical for my general health care. Because One Medical is a combination technology and health care company, providing concierge access to medical providers via their app, you could argue that the internet knows everything about my cardiovascular system that there is to be known. Luckily, from what I can tell, One Medical not only doesn’t sell data (which would be both out of HIPAA-compliance and also majorly unethical) but also isn’t messing around with security. According to their privacy policy:

“We take the security and confidentiality of your personal information seriously. We follow industry best practices in software development and testing, including periodic vetting by internal and external security researchers. Your data is encrypted in transit and at rest, and our infrastructure runs on an industry-leading highly secure, HIPAA-compliant data center.”

I’ve given quite a few internet companies information about my cardiovascular system — picture those little pieces of data just floating away from my veins and heart and lungs and into the digital world. And while so far I’ve been pretty okay with each individual company, what they collect, and what they do with that information (with a few exceptions, of course), examining that same information across services makes me feel…nervous. 

While these companies aren’t connected to each other in the same way that the parts of my cardiovascular system are connected — meaning, they’re not talking directly to each other —they are still part of the bigger “cardiovascular system” that is the internet. And if they use third party data aggregators, they are potentially sharing information about me with each other. 

Is that a system I want to be a part of? Is that where I want these personal bits of me to be? I can’t opt out of my cardiovascular system — and I can’t really opt out of the internet, either. I could stop using some of these services, but honestly I really like them and I think that they probably are net positive for my health. 

My physical health, at least. The questions about my digital health are still up in the air. I can’t give a solid thumbs up or thumbs down on this one, folks. I think we’re all going to just have to process it a bit longer.