Not an elephant, but can we talk about HIPAA in the room? ; The end of “business as usual”


Here’s today’s roundup of news… Want it by email? Register here.

Hip Hip Hooray?

Meta is prosecuted again. (We’re sure you’re not surprised.) And this time it’s health-related data.

In June, The Markup discovered that the websites of 33 of Newsweek’s Top 100 hospitals had an embedded metapixel that was transmission of data from online portals to Facebook when patients made appointments.

Hospitals need site beacons to trigger when a patient makes an appointment or is referred to a clinic so they can track patients through their care system. They have legitimate use cases for data and for carrying a metapixel. The problem is that Facebook uses the data for targeted advertising, retargeting, prospecting and attribution.

Meta was stricken with a HIPAA violation this week because he has not signed Business Associates Agreements, the HIPAA-mandated legal contract between parties who share protected health information (PHI).

The only reason Facebook is being sued is because it used PHI taken directly from hospitals. If Facebook had received health information from, say, a Fitbit or period tracker app, HIPAA wouldn’t even apply – which means that HIPAA does not provide enough protection in a post-Roe world.

Since Roe’s overthrow, abortion rights advocates have been lobbying digital platforms regarding the misuse of health data for advertising purposes, as this data could now be used as evidence to identify and incriminate doctors or a woman who requested an abortion.

Google is committed to remove location data related to clinic visits, Snapchat is trying to eliminate pregnancy center fronts in its Map service, and the OkCupid dating app actually donated ad inventory to family planning.

Welcome to the new BAU

Speaking of Meta pixel, a new marketing research paper written by two business school professors and two Meta executives actually quantifies the extra cost incurred when businesses are unable to attribute conversions using the Meta pixel or SDK.

According to the report, which was published at SSRN, when businesses have access to Pixels or Chat Data SDKs, the average cost per additional customer is approximately $43.88. The researchers call this scenario “BAU” or “business as usual”.

But that number jumps 37% to $60.19 when conversion data is limited to the platform itself, which is often the case on iOS today.

Aside from the fact that two of the authors are meta-researchers, the implication is clear: Apple’s policy changes have a direct and measurable impact on large swathes of the consumer market.

E-commerce and retail are particularly affected, especially “clothing accessories” and “durable household goods“, such as mattresses, furniture, electronics and kitchen equipment – all power categories (now old) driving the DTC boom on Facebook and Instagram.

GDP-armed and ready

GDPR investigation and penalty coverage typically focuses on Silicon Valley giants – and for good reason.

Companies owned by Google, Amazon and Meta have been fined approximately $1.5 billion combined under the law, which is several times more than all other GDPR fines combined.

But European data protection authorities are also bringing a steady rhythm of small cases, often focused on marketing-related breaches.

Just this weeka data regulator from Lower Saxony (it’s a state in Germany, for those who aren’t familiar) has fined nearly a million dollars on an anonymous credit company that collected behavioral data without consent or legitimate interest and used this data to create segments of users to target online.

In July, the French data regulator rang TotalEnergies, an oil and energy company, for continuing to use the data for direct marketing purposes even after users opted out. (TotalEngines has also taken steps to prevent customers from unsubscribing, which is a major no-no.)

Oh, and Swedish buy-it-now-pay-later service Klarna was fined $800,000 earlier this year for failing to inform customers about how “personal data has been handled in one business services”. It’s not explicitly stated, but read between the lines and the likely offender here is Klarna’s Marketing Solutions business, which uses first-party data to target and attribute ads.

But wait, there’s more!

Your email strategy may blow up sooner than you think. [AdMonsters]

French iOS app developers are suing Apple for its App Store charges. [Reuters]

Meta pays media companies to post Instagram reels. [Digiday]

TikTok influencers say the platform’s payment to creators is less attractive than YouTube’s. [Insider]

Even so, TikTok is expected to overtake YouTube in influencer marketing spend by 2024. [TechCrunch]

You are engaged!

Thomas Joseph, former director of SiriusXM and Pandora, is the new CTO of Integral Ad Science. [release]

Fyllo launches into APAC with former Amobee SVP Robert Woolfrey as APAC General Manager. [Marketing Interactive]


Comments are closed.