According to their website, Noom uses science and psychology to “help you lose weight and keep it off for good.” To do this, they help users to “better understand” their relationship with food and be “more attentive” to their habits, and provide the knowledge necessary for “lasting change”.
To achieve this, Noom claims to develop a personalized diet for each user using information gathered during an initial testing process, which takes place before your account is created and which asks questions about your medical history, such as prescribed drugs and any mental health problems you may have encountered.
But, while losing weight and “keeping it off for good” may seem appealing to some, an investigation by the anti-exploitation charity Privacy International (PI) alleged that some custom diet companies, including Noom, “use tests to attract [in] users.”
In a nutshell: according to PI, they sell the same “personalized” program to a lot of people. Which, really, makes it not so personal … and begs the question, why does Noom need so much user data (and what do they actually do with it)?
“Companies that sell diet programs are increasingly targeting internet users with online testing and providing little to no clarity on what happens to your data [after],” PI told Cosmopolitan UK.
Their study showed that users who complete the Noom test are first asked if they want to “get in shape” or “lose weight,” followed by more than 50 questions. Some questions ask the user’s opinion on cognitive behavioral therapy (CBT), what triggers their snacking urge, which fitness apps they are subscribed to, as well as meal kit subscriptions.
Among the questions asked, especially those on whether a client has been treated for diabetes or has recently taken antibiotics, PI found the answers “can be taken as health data.” Health data, PI points out, is classified as sensitive under the guidelines of the General Data Protection Regulation (GDPR), so Noom is legally obligated, under EU and UK law on data protection, to “prove that they have taken additional measures to specifically protect these categories of data.”
While the PI report makes no definitive assertions about Noom’s compliance with data protection laws, it does raise concerns about the apparent failure to obtain explicit consent for the collection of this sensitive data.
Data protection law aside, PI also found, interestingly, that “the data entered did not affect the program sold” despite the test having over 50 questions, and that “Noom does not keep all of this information for itself”. In fact, the PI study found that the data collected was previously ‘shared with a company called FullStory’ – a platform that allows businesses to understand how consumers interact with their website: what they watch, what they click, what they buy, etc.
While not explicitly named, Noom says FullStory (being a third-party service provider) was covered by their terms and conditions. “Noom cares about the privacy of its users and does not share its users’ data with third parties other than its service providers,” a company spokesperson also told Cosmopolitan UK. But that’s not the full picture …
Since their initial investigation was conducted, PI has found that yes, while Noom no longer shares user data with FullStory, it now does so with Facebook. When asked about this finding, PI said that “the same concerns apply about the lack of transparency and information to users”.
Responding to PI’s discovery that user data is now shared with Facebook, a spokesperson for Meta (Facebook’s parent company) said, “We have policies regarding the types of information businesses can share with us – we don’t want websites or sensitive information about people.”
To combat this, Facebook says it has a system “built to detect and filter this type of information”. They also claim to alert Noom if and when potentially sensitive information is identified, as well as to contact them “directly to ensure that they are complying with our policies to help protect people’s privacy.”
But, although third parties like Facebook claim to be doing their part to filter sensitive data, PI argues that the lack of transparency regarding the sharing of this data is “problematic,” adding that the user’s ability to consent to or opt out of this must be much clearer.
“Applications can collect all kinds of data, including personal data,” says Magnus Boyd, lawyer and partner at Schillings, which specializes in information security. “But the legality of this collection depends on the issue of consent.”
As Boyd points out, “Apps need to tell the user who they’ll be sharing their data with [before they consent], but in reality, the third parties are not always listed in an easily accessible way. Instead, they’re often buried in long terms and conditions or privacy notices.”
In their investigation (which also looked at other ‘custom’ diet companies), PI ultimately found that “under the guise of finding the best diet for us and protecting our health, diet companies just collect money, more and more data about us, without providing us with appropriate information about what is happening with the data and with whom it is sharing it.”
While Noom’s terms and conditions state that third parties cannot resell user data, PI stresses that it is “difficult to assess on the basis of the privacy policies of these companies what specifically happens to our data”, adding that “the privacy policies we have read allow disturbing practices.”
But what does this mean for how our data can be used in the future? “Big tech companies have had their eyes on our bodies and our health care for the past two years,” PI said. “The specific appetite they have for our health data is something we should be particularly wary of.”
And we’re already seeing evidence of that, with Amazon US competing with health insurance providers by offering cheaper drugs, while here in the UK the shopping giant has partnered with the NHS to encourage people to use their Alexa devices for health queries.
The bottom line is this: our personal data has a price. And, although we would like to think that our personal data is not sold off, especially when it comes to health, how can we ever be sure that it is not?
Boyd says one thing we can all do to protect ourselves is “as boring and time consuming as it sounds … read the terms and conditions and look for the document called a privacy notice or privacy statement”, the document that will define how the application will use and share your data. “The devil is in the detail.”
We’re hoping tech companies will move forward to make this process a lot easier and clearer, as with health (and data), because we all know it’s our biggest asset.
When asked specifically about PI’s claim that all users receive the same “personalized” diet, Noom made no comment.