Verily's COVID-19 Screening Website Leaves Privacy Questions Unanswered

One week after Alphabet’s Verily launched its COVID-19 screening website, several unanswered questions remain about how exactly the project will collect, use, and retain people’s medical information.

Verily, a healthcare data subsidiary of Google’s parent company Alphabet, has until now operated its Project Baseline as a way to connect potential participants with clinical research. Now, after a confused roll-out, Verily’s Baseline COVID-19 Pilot Program screening and testing website allows users to fill out a multi-question survey about their symptoms and, if they are eligible, directs them to testing locations in a few counties in California.

After a letter from Congress and multiple blog posts, press statements, and not one but two FAQs from Verily, users still do not have enough information about how using this service will affect their medical privacy. So, we have a few questions of our own.

Why does using the site require a Google account?

While the United States is in dire need of more testing, individuals’ access to this critical health service should not hinge on whether or not they have created an account and shared information with the world’s biggest advertising company.

But you can’t use the Verily screening website without a Google account: users must either log into their existing Google account, or create a new one, before filling out the screening survey. Verily representatives have claimed this is necessary to authenticate users and contact them during the screening and testing process. However, Verily has not explained why a Google account is uniquely suited to identifying patients, or why the project cannot use other less invasive forms of identification.

What will Verily do with your information?

Verily assures users that the medical information they input as part of the screening service will not be linked with their Google account data without “separate or explicit” consent. However, the screening website’s FAQ page says that information may be shared with “certain service providers engaged to perform services on behalf of Verily,” which includes—you guessed it—Google.

Verily also assures users that their information will not be used for advertising. What Verily will use that information for, however, is broad and unclear. Its privacy policy lists “commercial product research and development,” as a potential use, and the Project Baseline FAQ lists similarly vague uses, including to “provide insights about your health,” “conduct and publish research on health and disease,” and “build new tools, technologies, products, and partnerships related to health and disease.” Without explicit written documents memorializing these data use protocols, users have little reassurance that Verily’s uses of their health data will be tailored, appropriate, or privacy-protective.

Who is Verily sharing data with?

Verily states that it will not share any information with insurance or medical providers, which is a good start. However, Verily outlines other potential recipients of users’ information:

The information you choose to provide during the screening process or testing process may also be shared with the healthcare professionals at the specimen collection sites, the clinical laboratory that processes specimens, the California Department of Public Health, and potentially other federal, state, and local health authorities, as requested or mandated for public health purposes.

While Verily has been clearer about the healthcare professionals and labs it partners with, it does not detail what “other federal, state, and local health authorities” include. What is Verily’s relationship with the U.S. government? Would ICE, for example, have access to user data under any circumstances? The only thing that’s clear here is that Verily is lumping federal, state, and local public health agencies into one undifferentiated mass, and that is unacceptable.

Verily also fails to provide more information about its relationship with the California Department of Public Health. Is there a written Memorandum of Understanding that lays out how data will flow between Verily and state health authorities?

Instead of FAQs and a privacy policy filled with vague predictions of how information “may” be shared, the public needs detailed documentation of how each of these relationships could play out.

Does using this service opt you in to Verily’s Project Baseline?

In addition to Project Baseline, where the COVID-19 screening site is hosted, Verily has its Baseline Platform, Baseline Registry, and Baseline Community.

After completing the screening survey on the website, users are asked if they would like to participate in Verily’s Baseline Community, which spokespeople have told the press will “enable you to participate in creating new knowledge that is critically important to the health of all of us in the face of the COVID-19 pandemic.” Statements go on to say that participation in Baseline Community is “completely voluntary,” and imply that users’ information is shared with California public health authorities regardless.

It’s unclear how these various Verily services intersect with the screening website, and how those relationships may or may not change in the future. Concerns about such internal relationships are especially critical given Google’s healthcare ambitions and previous scrutiny in this area.