Facebook as a model for consent management

It’s not every day that you hear Facebook’s most recent changes to its privacy practices referred to in strongly positive terms (at least by people who don’t work for Facebook), but some leading advocates of more fine-grained control over privacy in the health information context point to Facebook as an example showing, in the words of World Privacy Forum founder Pam Dixon, “that we can in fact have granular control over sensitive data.” One of the key aspects of health information privacy that remains under-addressed to date is the capture of, and adherence to, consumer preferences about the use and disclosure of their personal health information. Beyond the debates about exactly what uses of the data should require proactive consent from individuals, there has been concern over the functional and practical aspects of managing many different “consents” corresponding to different uses, contexts, and scenarios. Deborah Peel, a doctor and founder of the non-profit Patient Privacy Rights, characterizes Facebook as a “kind of consent management system,” albeit one with controls that could stand improvement and that may not be fully suitable to handle the complexity (or robust identification and authentication requirements) involved in consent management for health information.