This statement was originally published on privacyinternational.org on 4 August 2021.
Companies selling diet programmes are using tests to lure users. Those tests encourage users to share sensitive personal data, including about their mental health. But what happens to the data? We investigated to find out.
- More and more companies selling diet programmes are targeting internet users with online tests with little to no clarity when it comes to what happens to your data.
- These tests request sensitive personal data about your medical history and mental health.
- For at least two of the programmes we looked at, the data we entered did not affect the programme we were being sold, raising questions as to why the data is collected in the first place.
- We conducted traffic analysis to find out what happens to the data and discovered that one of them actively collected and shared sensitive personal data, while the poor security practices of the others meant the data was de facto accessible to third parties.
For many, browsing the internet or checking social media comes with its fair share of being targeted with ads selling “fad diet” subscription-based programmes, magic weight-loss powders, or promising a secret trick to lose weight quickly. Some of the products and programmes sold have been described as scams, with a very real impact for those suffering from eating disorders and those who fall prey to these ads. This is even more problematic due to the Covid-19 pandemic, which has seen the numbers of children with eating disorders are “soar”.
Social media platforms have tried addressing the problem: Facebook has banned ‘”before-and-after” images or images that contain unexpected or unlikely results’; for users under 18, TikTok banned ads promoting fasting apps and weight-loss supplements; Instagram hides posts that promotes the use of certain weight-loss products from users under 18; and Twitter prevents advertisers from targeting people suffering from eating disorders. But there are workarounds. Facebook, for instance, still gives the option to advertisers to target teenagers with an ‘interest in extreme weight loss.’
As part of our research into the “AdTech” industry, Privacy International noticed that the diet ads we were targeted with led us to tests aimed at creating a so-called profile of our body and eating habits, to design a dieting programme, which they said were specific for our needs. Given our previous experience with depression tests and the current environment of vast and often unlawful data collection, Privacy International looked into those tests to find out what data those companies were collecting, what those programmes involved, where the data was going, and who it was shared with. Here is what we found.
‘Body profiling’: who are the companies trying to know you and what are they trying to sell?
For the purpose of this research, we have looked into three companies offering tests online to help you ‘find the diet that is best for you’: BetterMe Meal Plan, Noom and VShred. BetterMe Meal Plan and Noom were the first ads that came up on Google after a search for “weight loss,” while VShred targeted us with ads on YouTube following that search. It is worth noting however that some internet users are targeted by those very companies without ever searching for weight loss-related topics.
BetterMe Meal Plan
BetterMe Meal Plan is part of the BetterMe family of apps run by BetterMe Limited, a company registered in Cyprus. However, a look at the career section of their website reveals that they operate from Kyiv, Ukraine. They claim to have a team of over 100 people working for them and to be “one of the largest partners of Facebook/Google/Snapchat/Twitter from [Central and Eastern Europe].” BetterMe creates apps for healthy living: diet, walking, running, yoga, meditation, period tracker… They claim to have “50 million installs” across their apps and “6 million members across social media platforms”.
So we tried it out. BetterMe Meal plan starts by asking if you are a man or a woman. During our research, we observed that after this point, the questions will be identical no matter the gender you indicated, but the illustrations will change.
BetterMe Meal Plan then asks you to define your goal: losing weight, gaining muscle, or developing healthy habits. We’ve observed that even when your goal is not losing weight, the test will still ask you to define your ideal weight and provide you with the same weight loss plan whatever your ideal weight is.
The test requires you to define your body type (‘rectangle,’ ‘hourglass,’ ‘pear’ and ‘round’ for women; ‘ectomorph,’ ‘mesomorph,’ and ‘endomorph’ for men) before going on to lifestyle questions: what does your typical day looks like (at the office, taking long walks, doing physical work…), when were you last at your ‘ideal weight,’ what your ‘bad habits’ are (not getting enough sleep, eating late at night, eating too much sweet or salt, soft drinks…), how much do you exercise, what are your energy levels like, how much do you sleep, how much water do you drink, what kind of food you enjoy eating…
The last round of questions pertains to measurement: age, height, weight and target weight. Regardless of the target weight you enter, BetterMe Meal Plan will have a ‘plan’ for you. That means even when you enter a completely unrealistic weight target like 30 kilos for 160cm (i.e. a weight target that would kill you), you are presented with a ‘plan.’ Except our research shows that the plan is always the same regardless of the data you enter. The only things that change are your current weight and the target weight you have entered. Here is a table with some of the values we tested:
Noom is a US-based company that sells weight-loss and healthy living apps. They pride themselves in having their Diabetes Prevention Program recognised by the US Centers for Disease Control and Prevention and being mentioned in academic publications. In 2021, the company raised $540 million in investment funding.
Noom starts by asking you if you are here to ‘get fit’ or ‘lose weight’, however the questions we were asked were the same in both selections. And even when we chose ‘get fit,’ we were still required to enter a target weight.
However, it is worth nothing that Noom does not allow you to set a target weight below an average BMI index. You are then asked to enter your gender, whether you are pregnant, your age range, how healthy you generally are, what you tend to eat, how often and whether you have back issues. As part of the demographic profile, you are also asked if you are at risk of the following diseases: heart disease/stroke, high blood pressure, diabetes, NASH (non-alcoholic steatohepatitis), osteoarthritis, kidney disease, depression or others.
From our research, regardless of your response you are then asked if you have every been diagnosed or received treatment for diabetes. You are also asked if you have taken antibiotics in the past two years. We consider that answers to most of these questions can be considered health data, and therefore sensitive personal data under data protection frameworks like the GDPR (see Article 9) in the European Union. This means that Noom would be legally obliged under EU and UK data protection law to prove that they have taken extra steps to specifically protect these categories of data.
VShred is a US-based company that sells weight-loss programmes, food supplements, and sports clothing.
Like BetterMe MealPlan, VShred starts by asking if you are a man or a woman, and just like them the questions you are asked are the same regardless of your gender, only the illustrations change. You are then asked about age, height, weight, how active you are and to describe your goal.
Based on the answers you provided, VShred provides you with your ‘Daily Macros,’ the number of calories, carbohydrate, protein and fat you’re ‘allowed’ and your level of activity.
Source: MEDIA FEED