City

Privacy advocates are concerned by NYC’s online teen counseling service

A letter to New York City Mayor Eric Adams and others cites privacy concerns with the city's use of the telehealth service Talkspace.

By Keely Quinlan

September 11, 2024

(Scoop News Group)

Advocates for data privacy and ethics in artificial intelligence penned a letter on Tuesday to New York City officials with concerns about how the city’s free telehealth counseling service for teens collects data on minors.

The letter, signed by the Parent Coalition for Student Privacy, the New York Civil Liberties Union and AI for Families, names several concerns about the data privacy of teens who enroll in counseling services through NYC Teenspace, which the city launched last November.

To provide the service, the city’s Department of Health and Mental Hygiene signed a $26 million contract with the virtual mental health care provider Talkspace. The letter claims that because the city’s health department, rather than its education department, signed the contract, the city might be allowed to sidestep privacy protections afforded students and their families under state and federal student privacy laws.

Specifically, the letter presents concerns around the legality of how NYC Teenspace collects data about teen users. To sign up for the service, the letter claims, teens must share personal information that includes “their first name, date of birth, address, school, and a series of questions related to their mental health, including how often they feel stressed, and whether they need help with trauma, sexual problems, and/or drugs and alcohol use.”

“Many of these questions are illegal for schools or their vendors to ask minor students without parental consent or opt out, according to the federal Protection of Pupil Rights Amendment (“PPRA”) — which is not provided in this case,” the letter states.

The groups add that such data collection would also be in violation a section of the New York Education law that pertains to the unauthorized release of personally identifiable information.

In an email to StateScoop, a spokesperson from the NYC Health Department said user data is destroyed 30 days after no contact with a therapist.

“The Health Department has taken additional steps to protect the data of Teenspace users and ensure information is not collected for personal gain, including stipulations that require all client data to remain confidential during and after the completion of the city’s contract and barring use of data for any purpose other than providing the services included in the contract,” the email read. “The Health Department is in the process of setting up an independent evaluation to review the program and will work in good faith with anyone who brings us their concerns.”

New York City public schools have been a repeated target of cyberattacks and breaches over the past two years. The letter states these incidents have led to worries that data shared with TalkSpace “could be compromised, misused, and exposed by bad actors.”

Last summer, the data of 45,000 public-school students and employees in New York City, including some Social Security numbers, was exposed in the global breach of the MOVEit file-transfer software. In 2022, the personal data of more than one million current and former students was accessed in a hack of Illuminate, a grading and attendance software vendor used by city schools.

The letter — which was addressed to Mayor Eric Adams, Education Chancellor David Banks, Health Commissioner Dr. Ashwin Vasan and Anne Williams-Isom, deputy mayor for the city’s Department Health and Human Services — also addresses broader concerns with Talkspace.

Some of the service’s former employees have have criticized its data collection and privacy practices, claiming it exploits patients’ data for profit. In 2022, the telehealth provider was mentioned in a statement released jointly by Sens. Elizabeth Warren, Cory Booker and Ron Wyden detailing the practices of some online counseling services, which appeared to be “taking advantage of a ‘regulatory gray area’ in the Health Insurance Portability and Accountability Act of 1996.”

The letter also notes that Talkspace recently hired the lobbying and public affairs firm Oaktree Solutions, which is run by Frank Carone, the mayor’s former chief of staff.

“All of this critically important information was readily available to City officials in advance of their engaging with the company and providing the company with unfettered access to the personal data of NYC children,” the letter reads.

Authors of the letter requested a meeting and formal review of the city’s Talkspace contract, which has not yet been made public.