Feeds

NHS enables Facebook to track surfers on health info website

Privacy experts say 'ick, germs'

Choosing a cloud hosting partner with confidence

Privacy experts have expressed dismay at a decision by the NHS to allow Facebook and Google to track users on one of its sites.

The NHS has integrated its NHS Choices site into the Facebook Connect platform, so that surfers can express an interest ("like") for pages on the site and share content with their friends and contacts on Facebook. Google is also able to track the behaviour of individuals on the NHS Choices website, online privacy firm Garlik warns.

Garlik is sharply critical of the designers of the site. Mischa Tuffield, a developer at Garlik, criticised the design decisions as either "ill judged or ill informed".

Most of Tuffield's criticism focuses on the tie-up between the health information site and Facebook Connect which "opens the door to third-party tracking", even in cases where a user is not logged into Facebook at the time of visiting the NHS Choices site.

The site also uses analytics services from Google and Webtrends, something Garlik argues should not be trusted to a third-party supplier, as outlined here. However, it reserves the bulk of its criticism for the tie-up with Facebook.

Tuffield writes: "What right has the NHS to share any information about the browsing of NHS Choices with Facebook? The Like button is engineered such that even if it is not clicked, it still passes information about the user to Facebook, even if they are not logged into Facebook at the time of the visit."1

Garlik, which was the first to warn of the issue, was able to establish that tracking took place using internet logging tools. It knows from this exercise that individually identifiable data is exchanged between NHS Choices and Facebook, but not how it is used.

Users can be expected to be viewing content on NHS Choices that most might normally be expected to want to keep private. Garlik offers an example of a young mother looking for information on post-natal depression, but many others can be imagined.

The sharing is mentioned in the NHS website privacy policy, something few average punters would read, and a point that cuts little ice with Garlik or other critics.

Andy Thomas, Garlik’s managing director, said: "The fundamental issue here is that the NHS believes it is acceptable to share information about users' browsing habits with third parties. This appears to have been a conscious decision, and the NHS believes that a statement buried away in a privacy policy makes it OK."

"NHS Choices has either wilfully decided that sharing the pages visited by all Facebook users with Facebook is acceptable, or has implemented the technology without understanding how it works."

The issue has been taken up by Tom Watson MP, who wrote to the Health Secretary on Tuesday to express his concern that the "NHS is allowing Google, Facebook, and others to track your nhs.uk browsing habits, regardless of the fact that people use the page to seek medical advice".

"The NHS Choices website is used by members of the public in order to find out facts about ailments they may be suffering from and these illnesses could cause an individual embarrassment if the information was leaked," he writes.

Watson wants the link between NHS Choices and Facebook Connect to only exist in cases where users opt in to link the services, rather than (as now) by default.

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.