98% of mental health websites sharing data of visitors with third parties

98% of mental health websites sharing data of visitors with third parties

Mental health websites

Privacy International has alleged that almost all of Europe’s most-visited mental health websites that offer help to patients of depression contain third-party cookies, third-party JavaScript or images hosted on third-party servers, allowing third party firms to track visitors for advertising and marketing purposes.

The privacy advocacy group said recently that it analysed 136 popular mental health web pages, 41 of which were listed on Google France, 44 were listed on Google Germany, and 51 on Google UK. These websites were selected on the basis of Google search results based on queries of depression-related terms. Some of these websites also featured in the list of the most visited mental-health-related websites compiled by SimilarWeb.

During the course of their analysis, Privacy International found that as many as 97.78 percent of these websites contained either third-party cookies, third-party JavaScript or images hosted on third-party servers. Alarmingly, 76% of the 136 websites were found containing third-party trackers for marketing purposes and among mental health websites in the UK, the proportion rose visibly to 86.27%.

PI found that a large number of third-party trackers running on mental health websites are owned by either Google, Amazon, or Facebook. While 92.16% of mental health web pages in the UK are running Google trackers, 49.02% are running Facebook’s third-party trackers, and 11.76% of such pages are running Amazon Marketing Services.

It also observed that mental health websites in general place a large number of third-party tracking cookies in their pages even before visitors are able to give or deny their consent to the use of cookies. An average mental health web page in the UK uses 12.24 third-party tracking cookies while one in France uses an alarming 44.49 cookies.

“We found that three out of nine depression test websites don’t show a cookie banner, even though they are placing third-party cookies. We also found websites that ask for consent, but don’t offer a straightforward option to reject consent,” PI said.

AdTech firms & data brokers crowding mental health websites

What’s most concerning is that trackers in mental health pages are being deployed by known data brokers and AdTech companies such as AppNexus, LiveRamp, Rubicon Project, Criteo, Oracle, Outbrain and Taboola. According to Privacy International, these companies “place cookies with unique identifiers on people’s browsers, which allow them to track users across the web and across different devices to create granular user profiles, including the fact that people have visited mental health websites.”

“Our findings of this report show that many mental health websites don’t take the privacy of their visitors as seriously as they should. This research also shows that some mental health websites treat the personal data of their visitors as a commodity while failing to meet their obligations under European data protection and privacy laws.

“All website providers have a responsibility to protect the privacy of their users and comply with existing laws, but this is particularly the case for websites that share unusually granular or sensitive data with third parties. Such is the case for mental health websites,” it added.

Privacy International also observed that NHS Digital’s web page that allows people to undergo ‘Mood self-assessment quiz’ shares the results of individual tests with Adobe which tracks the page for measurement or analytics, even though it also offers advertising and marketing services as well.

In response, NHS Digital said that it is in the process of complying with the Information Commissioner’s Office’s updated guidance about cookie policies which was published in July and the process is expected to be completed later this month.

“In July 2019 the Information Commissioner’s Office published updated guidance about cookie policies and we are in the process of ensuring that we translate this guidance into practice on the site.

“This work will be completed by the end of September 2019 and, from this point, users will be automatically opted out from all analytic and third party cookies. Users will be specifically asked if they would consent to opt-in, in order to support us to continue to develop the service so that it best meets user needs,” it said.

ALSO READ: 86% UK’s most-visited websites failing GDPR compliance tests

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]