"NHS is allowing Google, Facebook, and others to track your nhs.uk browsing habits, regardless of the fact that people use the page to seek medical advice", Tom Watson MP (2010)

Who should know your health concerns?

Facebook, Google, AppNexus, ComScore, Rubicon Project, Quantcast, Radium One, WebTrends, HotJar, New Relic ...?

Who are these companies?

These companies were tracking NHS pages and were listed in NHS privacy policies; many still are since GDPR.

If you have an account with Facebook, Twitter, Google or similar, then data was typically paired with your account ID.

Don't have an account? It was likely paired with a tracking ID stamped on your browser. Even then, those companies often get your email address from elsewhere, so it's rarely anonymous.



The ad companies

As you browsed the web (bought shoes online?) the ad companies tracked it and guessed what to show next (maybe socks). So what did they suggest after you visited NHS pages about alcoholism, diabetes, weight problems, ...?

They got access to online accounts

Trackers are software. NHS websites loaded them straight from the tracker's site into your browser. Once loaded, a tracker can do nearly anything on the site. NHS Choices left its accounts exposed.



Seriously, for example...

Earlier this year, users' browsers on NHS sites were being used to mine cryptocurrency... basically, the NHS got hacked via these companies and we're lucky the attackers had such low ambitions.

They could also read and modify page content, including NHS Choices accounts that included personal details.

The NHS doesn't even know the extent to which this may or may not have happened... they lost all control when they let the tracking software do what it liked. Read more (see below).

There's more

It gets worse: data leaks to some of these companies included some medical data and login tokens for accounts.

So never again: call for a ban

A complete ban on content on NHS websites and mobile apps being served from anywhere but NHS systems.

Many major websites work like this and it makes it a lot simpler to run a site if everything is managed from one place.
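
As an added illustration (not part of the petition and not NHS code), this Python script audits a page for content served from outside a first-party domain, which is the condition the proposed ban would eliminate, and marks remote scripts because they run inside the page. The sample page, every hostname in it and the `nhs.uk` allow-list suffix are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that pull remote content into the page, and the attribute with the URL.
LOADERS = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

def is_first_party(host, allowed):
    """True if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url, allowed):
        super().__init__()
        self.page_url, self.allowed = page_url, allowed
        self.findings = []  # (tag, host, runs_code_in_page)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(LOADERS.get(tag, ""))
        # Only stylesheet <link>s are counted in this example.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        if not url:
            return
        # urljoin resolves relative and protocol-relative ("//host/x.js") URLs.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if host and not is_first_party(host, self.allowed):
            # A remote <script> runs with the page's full privileges.
            self.findings.append((tag, host, tag == "script"))

def audit(html, page_url, allowed=("nhs.uk",)):
    parser = ThirdPartyAudit(page_url, allowed)
    parser.feed(html)
    return parser.findings

# Constructed sample page; every third-party hostname is a placeholder.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="https://other.example/page">
<script src="https://assets.nhs.uk/app.js"></script>
<script src="//tracker.example/t.js"></script>
<script src="https://nhs.uk.tracker.example/lookalike.js"></script>
</head><body>
<img src="https://pixel.example/p.gif">
<iframe src="https://widgets.example/like"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, host, runs in audit(SAMPLE, "https://www.nhs.uk/conditions/"):
        print(f"{tag:7} {host:28} {'RUNS IN PAGE' if runs else 'loads only'}")
```

The look-alike host `nhs.uk.tracker.example` is reported as third-party because matching is done on the domain suffix, not on a substring.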

Lastly, we shouldn't need to wear an ad blocker to protect ourselves from the NHS. How did we get here?



Read more

https://www.theregister.co.uk/2010/11/24/nhs_connect_facebook_privacy_fears/

https://www.enisa.europa.eu/publications/privacy-considerations-of-online-behavioural-tracking/at_download/fullReport

https://www.tsg.com/blog/security/ico-nhs-among-thousands-websites-hacked-sneaky-crypto-mining-code

Sign this petition and more

Review the data. Add your own

My complaints started by email. Some parts I've started to aggregate online. Read it and, if you know how, send a request to add what you find.

https://markalanrichards.github.io/our-privacy/

Join the Government petition

https://petition.parliament.uk/petitions/222766