Document Type


Publication Date



In 2010, the social networking site Facebook launched a platform allowing private companies to request users’ permission to access personal data. Few users were aware of the platform, which was integrated into Facebook’s terms of service. In 2014, Cambridge Analytica, a UK-based political consulting firm, developed a data-harvesting app. That app prompted Facebook users to provide psychological profiles, including responses such as “I get upset easily” and “I have frequent mood-swings” as part of a “research project.”

The Facebook platform allowed users to share their friends’ data as well, enabling Cambridge Analytica to access tens of millions of personal profiles, identifying voters’ political preferences. The controversy revealed risks to identifiable health data posed by social media and web services companies’ practices. After the Cambridge Analytica controversy, Facebook suspended a project that aimed to link data about users’ medical conditions with information about their social networks.

Individuals often reveal detailed, sensitive health information online. Through wearable devices, social media posts, traceable web searches, and online patient communities, users generate large volumes of health data. Although some individuals participate in online patient forums and wellness information sharing apps under their own names, others participate via pseudonyms, assuming their privacy is preserved. Many users believe their data will be shared only with those they designate.