← Back to context

Comment by warkdarrior

9 days ago

Also, how identifiable is the data? Can a (US state) government agency subpoena data for individual users?

Does the app/company fall under HIPAA regulation? If it does, what security & privacy measures are in place to guarantee compliance? If it does not, what security & privacy measures are in place to prevent government fishing expeditions?

Finally, what security & privacy measures are in place to prevent app developer having a change of heart about selling the data? What if, say, United Healthcare offers to buy the app and the data for $1B?

10 comments

warkdarrior

Reply
bhpreece  9 days ago

> app developer having a change of heart

Yes. Two features high on my list of todos: 1) download all your data; 2) delete all data from the site.

The second is a bit more complicated, since multiple family members may have access to the same data, and may have different opinions on deleting it. I'll work it out.

Otherwise, you have only my integrity. I'm not looking to sell it, but I would love to hand this over to someone with more resources and bigger pockets. If I ever do, I would want those reassurances from them first, and I would definitely give all users fair warning, so they can pull out if they don't have the same confidence I do.

  • ygjb  9 days ago

    > The second is a bit more complicated, since multiple family members may have access to the same data, and may have different opinions on deleting it. I'll work it out.

    I know it's been said elsewhere, but you need a lawyer. This isn't something for you to work out, it's something for you to clearly understand your legal obligations, and what your exposure is based on which jurisdictions a user might log in from.

    • klibertp  8 days ago

      As someone under civil law jurisdiction, I have a hard time parsing this:

      > This isn't something for you to work out, it's something for you to clearly understand your legal obligations

      Like, is it really impossible to "understand your legal obligations" without help from a lawyer? Is it supposed to be like that? Why? Are the laws explicitly written to be impossible to understand if you're not a lawyer?

      I might have lucked out, but in the few instances where I had doubts, just reading the relevant code gave me all the advice I needed. They are written to be clear and unambiguous as much as possible - in effect, they're tedious and wordy but perfectly understandable. It's easy to recognize the complex or unclear parts because they really stand out from the rest - and that's when you ask a lawyer.

      Of course, if there's a significant penalty or otherwise stakes are high, consulting with a lawyer is a good idea. But the notion of "the people" only ever interacting with "the law" through intermediaries is... strange? Then again, you don't generally risk being shot in the head for arguing with a policeman here, which might or might not be a separate issue.

      6 replies →