Study of booming market shows how sharing and exploitation of health and biometric data fuels everything from insurance hikes to workplace discrimination
(BUDAPEST, HUNGARY, NOVEMBER 20) — Health-related cybersecurity breaches and ransom attacks have skyrocketed more than 4000% – from 18 incidents in 2009 to 745 in 2023 in the United States alone, targeting a booming market of body-centric data expected to exceed $500 billion by 2030, according to new research from Mozilla Fellow Júlia Keserű.
Keserű’s research, “Skin to Screen: Bodily Integrity in the Digital Age,” is part of her senior Fellowship project at Mozilla; the fellowship brings together experts working to advance openness and accountability in AI and promote an ethical, responsible, and inclusive digital environment.
The research examines the collection of what Keserű calls “body-centric data,” which has experienced a dramatic surge since the COVID-19 pandemic and with the rise of sophisticated AI tools. Body-centric data includes information about people’s biological and psychological characteristics — from fingerprints used to unlock phones and face scans for security to intimate data from fitness and fertility trackers, mental health apps, and digital medical records. However, this expansion also fuels significant risks: breaches in health data, widespread surveillance, discrimination, and exploitation by AI-driven systems have exposed major gaps in existing legal protections.
The research also features a survey conducted by Keserű, which confirmed widespread public anxiety about body-centric data sharing, with most respondents feeling "betrayed" and "exploited" by unauthorized data sharing. While users value health-related benefits and are willing to donate their data for scientific research, they expressed significant anger and fear about their data being used for profit without their consent, especially in sensitive contexts like mental or reproductive health. Most participants demanded stronger controls and protections, and a lot more transparency in how their data is handled by companies.
In spite of concerns, the study finds that the market for body-centric data has surged drastically, with the biometric industry alone projected to reach $200 billion by 2032. For context, the global pharmaceutical industry was valued at approximately $1.5 trillion in 2022. Keserű’s research warns that as companies collect more sensitive data about our bodies and minds, current laws offer little protection against the growing harms.
Some key findings and reported harms include:
- Cybersecurity Threats and Privacy Violations: Growing security breaches and consent violations can have very serious implications, especially in contexts like reproductive or mental health. For instance, information about fertility and period cycles is often sold to third parties - which can lead to litigation if someone is suspected of having an abortion in a repressive context.
- Discrimination and Bias: Data-driven discrimination is also on the rise. AI-driven diagnostic tools are trained on able-bodied white populations, demonstrating lower accuracy for darker-skinned patients, compounding disparities in healthcare, and fueling distrust. AI-powered recruitment tools frequently discriminate against neurodivergent people by trying to measure traits like optimism or emotional stability.
- Your Emotions aren’t Private: Emotion recognition technologies, which assess and interpret human emotions through various biometric features, are becoming essential across multiple sectors, driven by the rapid expansion of body-centric data collection. These methods are becoming increasingly sophisticated, operating similarly to lie detectors, particularly with the growing use of multi-modality datasets that integrate eye movements, facial expressions, and breathing patterns to achieve a more comprehensive understanding of our emotional expressions.
- Data Broker Industry Concerns: Data brokers exploit gaps in data protection regulations to buy, sell, and trade sensitive health and biometric data without user consent. Increasing reliance on digital systems that don't comply with cybersecurity requirements, coupled with the astronomical rise of data breaches, has also led to health data being traded on the dark web, with rising insurance costs and growing incidents of identity theft and cyber extortions, where hackers demand a ransom for the return of sensitive data.
To protect consumers, Keserű proposes the ‘databody integrity’ framework that helps treat digital information about our bodies and minds with the same human rights protections as our physical selves. Her research recommends various policy reforms, recommendations for the tech industry, and best practices for individuals, including:
- Redefining sensitive data within data protection regimes to encompass all forms of bodily data collection. This revised classification should include "derived data" or "inference data," making clear that information obtained from analysis or aggregation also poses significant risks.
- Expanding national health privacy laws like HIPAA in the U.S. to cover all health-related information - including data collected from fitness trackers and health apps - not just traditional medical records. Currently, if you live in the U.S., your doctor's office must protect your data, but companies collecting equally sensitive health information through apps and devices do not.
- Promoting clear, user-friendly consent mechanisms that empower users to make informed decisions about body-centric data collection while ensuring opting out is straightforward, transparent, and free of negative consequences.
- Leveraging resources like Mozilla’s Privacy Not Included to prioritize platforms with robust data protection regimes.
“We need a new approach to our digital interactions that recognizes the fundamental rights of individuals to safeguard their bodily data, an issue that speaks directly to human autonomy and dignity,” Keserű stated. “As technology continues to advance, it is critical that our laws and practices evolve to meet the unique challenges of this era.”
---
Press contacts: Tracy Kariuki