The privacy advocacy group said recently that it analysed 136 popular mental health web pages, 41 of which were listed on Google France, 44 were listed on Google Germany, and 51 on Google UK. These websites were selected on the basis of Google search results based on queries of depression-related terms. Some of these websites also featured in the list of the most visited mental-health-related websites compiled by SimilarWeb.
PI found that a large number of third-party trackers running on mental health websites are owned by either Google, Amazon, or Facebook. While 92.16% of mental health web pages in the UK are running Google trackers, 49.02% are running Facebook’s third-party trackers, and 11.76% of such pages are running Amazon Marketing Services.
“We found that three out of nine depression test websites don’t show a cookie banner, even though they are placing third-party cookies. We also found websites that ask for consent, but don’t offer a straightforward option to reject consent,” PI said.
AdTech firms & data brokers crowding mental health websites
What’s most concerning is that trackers in mental health pages are being deployed by known data brokers and AdTech companies such as AppNexus, LiveRamp, Rubicon Project, Criteo, Oracle, Outbrain and Taboola. According to Privacy International, these companies “place cookies with unique identifiers on people’s browsers, which allow them to track users across the web and across different devices to create granular user profiles, including the fact that people have visited mental health websites.”
“Our findings of this report show that many mental health websites don’t take the privacy of their visitors as seriously as they should. This research also shows that some mental health websites treat the personal data of their visitors as a commodity while failing to meet their obligations under European data protection and privacy laws.
“All website providers have a responsibility to protect the privacy of their users and comply with existing laws, but this is particularly the case for websites that share unusually granular or sensitive data with third parties. Such is the case for mental health websites,” it added.
Privacy International also observed that NHS Digital’s web page that allows people to undergo ‘Mood self-assessment quiz’ shares the results of individual tests with Adobe which tracks the page for measurement or analytics, even though it also offers advertising and marketing services as well.
In response, NHS Digital said that it is in the process of complying with the Information Commissioner’s Office’s updated guidance about cookie policies which was published in July and the process is expected to be completed later this month.
“In July 2019 the Information Commissioner’s Office published updated guidance about cookie policies and we are in the process of ensuring that we translate this guidance into practice on the site.
“This work will be completed by the end of September 2019 and, from this point, users will be automatically opted out from all analytic and third party cookies. Users will be specifically asked if they would consent to opt-in, in order to support us to continue to develop the service so that it best meets user needs,” it said.