Image: Getty Images
Depression is a nightmare that can cut you off from everyone and everything you love. For some people, getting help means talking to someone, sometimes anyone. For many of us, that means researching our symptoms online, taking a quiz, or just watching a YouTuber talk about their own depression. Depression isolates, and there’s comfort in finding out your symptoms match a known medical diagnoses, or that someone else has gone through or is going through the same thing. But when we research our depression online, advertisers are watching and marketing accordingly.
But according to Privacy International, the websites aren’t handling users data in a responsible way. “We found that four out of nine depression test websites share test answers and test results with third parties, either as variables or directly,” the report said. “Answers to depression tests and results of depression tests clearly constitute personal data concerning health, as these are shared with third parties together with unique identifiers that are associated with users.”People reaching out for help with their depression sometimes start with an online quiz to check if their symptoms are serious. Privacy International discovered many of those sites were taking the results of that information and selling it directly to advertisers. “It was extremely worrying to see that the results of questionnaires were being piped into the adtech ecosystem,” Michael Veale, Lecturer in Digital Rights and Regulation at University College London's Faculty of Laws, told me over Twitter DM. “This is indicative of the perverse incentives baked into the economics of real-time bidding: the winner is the firm that plays the dirtiest and gets away with it. And as it stands, they all do.”Often, the mental health data advertisers are scraping is completely unsecured.“There is effectively no consideration of issues of security in the data supply chain, meaning data on an individual's mental health is likely in the databases of hundreds, if not thousands of companies,” Veale said. “This data is not just likely to leak beyond these companies—either with or without these firms' knowledge, but using it to target individuals is manipulative and wrong.”According to Veale, the presence of invasive trackers on even authentic–seeming health websites has shown how the internet has been turned into an insecure tracking infrastructure.“Regulators across Europe need to be seen to act fast and decisively to regain the trust of citizens online, particularly those systematically marginalised or vulnerable to targeting,” he said.