Turning Me Inside Out

I have been getting into the swing of publishing my identity online, even signing up for Openhuman.org, but this week something came up where even I need to draw the line...23andme offers 'the first personal genome service'.

With your genome mapped just think of how much more effective match.com could be, pharmaceutical companies could predict what drugs you would need, even your health insurance company might drop your premiums because you have healthy gene stock. It did get me wondering who was looking at my insides and why.

Microsoft's HealthVault

Microsoft's announcement of HealthVault prompted enough commentary regarding data security, particularly due to the sensitivity of the information contained. A common view prevailed that HealthVault would present certain risks to individual privacy, perhaps due to the idea that it would fund itself by selling targeted advertising. Think of Facebook's advertising model on illegal anabolic steriods.

Microsoft is not alone in its quest to get hold of our medical data - it is joined by Google and Revolution Health all vying to revolutionize the consumer end of the healthcare industry. Their aims are essentially benevolent - using technology to increase healthcare awareness and preventative care and to create an accessible repository of individual healthcare histories, yet ultimately they need to be viable businesses.

Therefore the service will come at a price. To the consumer, seemingly free, but actually in exchange for personal and private medical records. These organizations all have privacy policies that include the use of cookies and beacons and the ability to run targeted promotional campaigns. Microsoft's Privacy Policy does however provides 'custodial access', something that I also advocate for in my own Personal Portals model. Yet the the usual legal disclaimer allows these services to amend their Terms of Service and Privacy Policy at anytime without further notice to you - so there is a chance that your data may be sold on without your explicit consent.


Funded by Google, this Silicon Valley start-up offers a personal genotyping service - for US$1000, they will take a sample of saliva to compute your unique genetic profile. They will then upload it to your website where you can log in and explore your personal genome. They will maintain this information on your behalf and inform you when the latest genetic discoverys affect you. A bizarre form of social networking is also made possible, where you can connect to your genetic pals around the world.

Larry Dignan's blog on ZDNetalso discusses 23andMe alongside Google and Microsoft's propositions. He comments "And then 23andMe becomes such a hit that United Healthcare buys the company. I trusted 23andMe the startup. I don’t trust 23andMe, the unit of a health insurance company.". He rightly concludes that "When you store your medical history, DNA and tendencies for heart disease in someone’s cloud, trust is everything."

So what about you?

Let's project forward a few years. To participate in society in most of the developed world, any information about you that is worth anything will need to be stored electronically and be accessible online. Whom will you trust to keep that information accurate, accessible yet secure? How will you protect yourself from mergers and aquisitions where your data is being acquired by an unknown company?

Will legislature be extended to include the protection of all of my personal property - including data? If laws as good as the ones that protect my money can also apply to my data, I might be a little more confident, yet unlike money, data can be replicated. Perhaps if data carried behavior as well as value as in Neil Gershenfield's concept of Smart Money, then I might be able to control what my data got up to after it left my custody.

If we don't begin now to get this right, it will be too late, the machine will have a dependence on free flowing personal private information. We are at a pivotal point in personal information management, a point where we the people can chose to regain control.

Personally, I am restricting the flow of key information to the bare minimum: Organizations whom I transact with will get what they need from me and I will not permit them to trade that where I can; I will continue to participate in free online services and allow them to track me in trivial instances; Where I can, I will proxy my surfing and be judicious in the use of my search queries; And I will try to maintain a better source of information about me on my personal site than any marketer would have access to on the commercial market.

Even to me that sounds extreme behavior, but without it, I feel I can be guaranteed no privacy.


  1. Google gives new gene mapping service a bit of spit and polish by Nicolas Carr in the Technology Guardian (Nov 2007)
  2. Microsoft Wants Your Health Records by Jay Greene at Business Week (Oct, 2007)
  3. Google Health Prototype by Ionut Alex Chitu (Aug, 2007)
  4. Microsoft HealthVault, RevolutionHealth, and Google Health make me feel L-yucky! by Gabe_Rios (Nov 2007)
  5. Google Says Its Health Platform Is Due In Early 2008by Richard Martin of InformationWeek (Oct 2007)
  6. The online health revolution and your DNA: It’s a trust issue by Larry Dignan at ZDNet (Nov 2007)
  7. When Things Start To Think by Neil Gershenfield and published by Ray Kurzweil (May 2003)

Privacy Agreements Referenced