Identity, Privacy and Trust

Dec 1 2010   9:44AM GMT

Talking balls on Facebook

tobystevens tobystevens Profile: tobystevens

Tags:
consent
Data protection
Data sharing
privacy

The NHS Choices website is a cornerstone of the government’s drive for health service efficiency and to move service delivery online. Users can log on to find out more about NHS services, and to use a symptoms checker to understand what might be wrong with them and (hopefully) seek medical attention where appropriate, or save a doctor’s time if their condition turns out to be nothing more than a cold. The site has made an effort to engage with social networking sites, such as integrating the Facebook ‘Like’ button. And as Mischa Tuffield of Garlk has spotted, this is where we get a big privacy FAIL.

Mischa points out that a visit to a NHS Choices conditions page calls on four external service providers:

Host: l.addthiscdn.com

Host: statse.webtrendslive.com

Host: www.facebook.com

Host: www.google-analytics.com

Two of these – Google Analytics and Webtrends – are used to monitor web traffic. In theory the privacy implications are relatively minor, although in certain scenarios it should be possible to identify an individual user subject to access to other information. It’s odd that the NHS has chosen to use third-party analytic services rather than implementing their own. This problem has been explored in detail elsewhere, so I won’t dwell on it here.

However, the Facebook and Addthiscdn links are there to drive the Facebook ‘like’ service, and this is where our problems begin. If a user visits the page from a browser that they’ve used to access Facebook before, then Facebook automatically gets to know that they’ve been to that particular conditions page. That means that if someone is concerned about a particular condition – let’s say testicular cancer – then if they’ve been to Facebook before, then Facebook gets to find out about that interest. Not good. And it gets worse – let’s say that the user feels they’ve received useful information, and clicks on the ‘Like’ button (or does so accidentally) – then it shows on their Facebook profile, and that’s really not good at all. Imagine being worried you have a serious illness that you don’t want to worry your spouse about, and accidentally clicking ‘Like’ – they get to find out. So does a potential or current employer if they’re checking your profile. The consequences could be very significant indeed.

I’m really quite shocked that NHS Choices has allowed this to happen, and more importantly that they have clearly failed to apply any form of effective Privacy Impact Assessment to how they deliver health information. If they do wish to connect to Facebook or analytics engines, then they should be making it an explicit ‘opt-in’ for the user before any information is shared at all. The NHS’ privacy policy has completely outsourced the problem to Facebook, so that users are left in the dark about the consequences of this functionality.

I’d like to hope that Mischa’s research will force the NHS to modify the website, and that at the very least the functionality will be suspended until the privacy issues have been properly investigated.

[Thanks to Ian for pointing this one out]

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Freek
    It's even worse. Also when you are not a Facebook member, the information is sent to Facebook, which means they can create personal profiles of everyone. See this paper; http://ssrn.com/abstract=1717563
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: