Warning: *Privacy Not Included with this product
Feeling anxious, depressed, can't sleep? Cerebral says it can help you with a variety of plans that offer medication and management, medication and therapy, or just therapy. Hop on their website, create an account (there's no getting started without creating an account), take their questionnaire, and pay up. Off you'll go with a video or phone call with a mental health provider or a chat with a counselor. Cerebral even says you could get your medications within days. All this is well and good. What's not good AT ALL is the fact that Cerebral admitted to sharing the private personal health information of over 3.1 million patients with social media sites like Facebook and TikTok! That's not likely going to help your anxiety much.
What could happen if something goes wrong?
We’d expect an app called “Cerebral” to be, uh, smarter about protecting your personal data. Especially because it handles protected health information covered by the US’s stronger health privacy law, HIPAA. So, being conscientious should be a no-brainer… Right? Cue the sad trumpet sound. The short answer is no.
On top of what you tell them about yourself, Cerebral may collect information about how you use the services, like which products you’re using, when, and from what computer. Okay, if you must. But here’s where they may be getting a little greedy. Cerebral leaves the door open to collect information about you elsewhere, like social media sites and public sources, and combine it with what they already know about you. Plus, your lovely privacy researcher identified a heck of a lot of tracking going on, detecting 799 points of contact with different ad platforms during one minute of app activity. Why are you so obsessed with us, Cerebral?
They promise that the intimate knowledge will help them “to better understand your interests and needs,” but it’s not clear whether that actually benefits you or not. They also mention “measuring the effectiveness of advertising and content we serve to you and others to deliver and customize relevant advertising and content to you,” but that part definitely feels more like a benefiting-them thing.
Here’s where we can share a little silver lining on an otherwise gray matter: they say that they “do not ‘sell’ your personal information and have not done so in the prior 12 months from the effective date of this Policy.” So your data’s not for sale! Not exactly cause for celebration, but we’ll take it.
In Cerebral’s case, it’s not too tough to imagine what could go wrong when you share your most sensitive personal information with them -- it already happened when they admitted they shared millions of their customers' personal information, including potentially some pretty sensitive mental health information, for their own marketing purposes without permission. Yup, that's bad.
Tips to protect yourself
- Do not give access to your photos and video
- Do not log in using third-party accounts
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
- Do not give consent for sharing of personal data for marketing and advertisement.
- Choose a strong password! You may use a password control tool like 1Password, KeePass, etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
- Keep your app regularly updated
- Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Device: Not available
Device: Not available
Tracks location
Device: Not available
What can be used to sign up?
Google sign-up available.
What data does the company collect?
Name, home and billing address, email address, and telephone number; demographic information such as date of birth, gender, race/ethnicity, location data
Health-related information, such as information about your medical history, medical conditions, treatment options, physician referrals, prescriptions, lab results, lifestyle and personal preferences, health insurance information, or other related health information, such as your physical and emotional characteristics.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
Child privacy information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Manages vulnerabilities
"Cerebral utilizes a vulnerability management process that leverages external vendor services, and a suite of security scanning and penetration testing tools to identify, validate, and prioritize remediation. If a vulnerability requiring remediation has been identified, it is logged and prioritized based on its severity, likelihood of risk, and impact.
If an individual has concerns they can be raised via phone (415-403-2156), in the patient and client portal, or to the Privacy or the Compliance functions of the company at [email protected] or [email protected]."
The company representative shared with us that "We use machine learning models in various areas of the product to improve patient outcomes from optimizing patient-clinician matching to identifying patients potentially in crisis. These models help the patient, clinician or our operations teams see the most relevant, actionable information in a timely manner. These models do not make any decisions for users and the internal models are not accessible or controlled by users."
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive deeper
- Notice of HIPAA Privacy Breach (Cerebral)
- Cerebral admits to sharing patient data with Meta, TikTok, and Google (The Verge)
- Telehealth startup Cerebral shared millions of patients’ data with advertisers (TechCrunch)
- Mental health startup exposes the personal data of more than 3 million people (CNN)
- ‘Shut it off immediately’: The health industry responds to data privacy crackdown (Politico)
- Mental health app privacy language opens up holes for user data (The Verge)