Popular UK health websites share sensitive user data with Google, Facebook, dozens more

A number of popular health-related websites in the UK are reported to be actively sharing sensitive user data with dozens of third parties, including Google and Facebook, but also various adtech firms and data brokers.

Not good. An important new investigation from the Financial Times reveals symptoms, drug names, and terms like 'abortion' are shared with hundreds of third parties.

The scariest ones in this list aren't just Google, Amazon, Facebook, Oracle, Scorecard, or OpenX, but the ones you've never heard of, who receive even less scrutiny over data privacy and security practices.


Using open-source tools to analyse 100 health websites, which include WebMD, Healthline, Babycentre and Bupa, an FT investigation found that 79 per cent of the sites dropped "cookies" — little bits of code that, when embedded in your browser, allow third-party companies to track individuals around the internet. This was done without the consent that is a legal requirement in the UK.

Google's advertising arm DoubleClick was by far the most common destination for data, showing up on 78 per cent of the sites tested, followed by Amazon, which was present in 48 per cent of cases, Facebook, Microsoft and adtech firm AppNexus.

"These findings are quite remarkable, and very concerning," said Wolfie Christl, a technologist and researcher who has been investigating the adtech industry. "From my perspective, this kind of data is clearly sensitive, has special protections under the [General Data Protection Regulation] and transmitting this data most likely violates the law."

How top health websites are sharing sensitive data with advertisers [ft.com]

[via techmeme.com]