/ Health, Technology

Has Facebook tracked the websites you’ve looked at?

Facebook 'Like' button

Did you know that by signing up to Facebook, you’re allowing it to track your browsing habits across the web, and giving it consent to collect what’s arguably personal and sensitive data? I didn’t.

Apparently though, you are. The reasoning goes something like this: by signing up to Facebook and accepting its privacy policy you’re giving it your consent to track your browsing on partner websites.

The problem is that we don’t think agreeing to a lengthy privacy policy is providing “explicit” consent for the collection of what may well be personal sensitive information. Unless you’ve been specifically asked whether you’re happy for your browsing habits to be tracked, we don’t think you’ve given any such consent.

And explicit consent is important here because, without it, no company can process (or use) an individual’s personal sensitive data without being in breach of the Data Protection Act (DPA).

Facebook’s privacy policy

I’ve read and re-read the paragraphs in Facebook’s privacy policy that are meant to say I’ve consented to the company collecting personal data on the websites I visit (you can too under the section ‘Information We Receive‘) but I can’t see any such mention. Plus, a privacy policy couldn’t really constitute explicit consent even if it wanted to.

Which brings me to my point. Last week a story broke about the health website NHS Choices letting Facebook track the browsing behaviour of its users, along with their Facebook IDs, via its ‘Like’ button embedded on some webpages. And according to Garlik, the firm that made the discovery, Facebook users are tracked even if these buttons aren’t actually clicked.

Now, why the NHS would allow a third party website to track its visitors in this way is beyond me. But the real point here is that these webpages contain health and lifestyle advice that could be personal to the browsing individual. Do you want Facebook to know that you’ve looked at a page about a particular disease or condition?

Has your online privacy been breached?

And now we come back to the Data Protection Act. Here at Which? we think that Facebook could be in breach of the DPA if it’s proved that sensitive and personal data has actually been collected without explicit consent. Plus, surely NHS Choices has a duty to prevent sensitive user data from being collected in this manner?

Both Facebook and NHS Choices, of course, deny that any breaches have taken place. So it’s now up to the Information Commissioners Office to investigate. South Korea’s Communications regulator has already taken action, accusing Facebook of violating the country’s data privacy laws and arguing that it needs to do a better job at getting user consent.

I think that Britain’s regulator should also take a good look at Facebook’s privacy policies. Does the company actually ask for explicit consent to track and gather information on what sites we look at? And if you knew that it did, would you still want to keep your Facebook account?

Comments
Guest
Sophie Gilbert says:
10 December 2010

And another reason not to be on Facebook. This is shocking. I regularly find new reasons to be delighted I deleted my account a wee while ago, and I doubt now that I will ever regret doing so.

Guest

Good post.

I think a lot of people make the mistake that Facebook is some altruistic free service. It isn’t. It makes millions from trading in our personal information. That’s its business model. It’s an information broker between us and the advertising industry. Like any business Facebook needs to continually increase its revenue and grow,,quickest way to do that is by further harvesting its only resource – us!

Guest
SeRiouS says:
10 December 2010

I must draw to your attention that it’s not just the like button, but also the FB.share feature that allows Facebook to track your every move…

It is thus with a tinge of sadness that I note the irony that you have such a share button on this page, hosted on the Facebook platform, which essentially means Facebook knows I’ve visited your blog. Checking the time logs, they can probably tell I’ve left this comment too.

Guest

We foresaw this very comment SeRiouS. However, what is viewed on Which? Conversation is arguably not personal and sensitive data, whereas the pages you look at on the NHS arguably are. Also, we would hope that there will be some action taken over Facebook tracking what pages you are viewing without you actually deciding to press the embedded buttons (if that is indeed what it is doing). Watch this space.

Guest
Chris says:
14 December 2010

Look, wake up & smell the coffee guys. Its a trade: you give up some of your privacy in return for something they have available. theyre monetising it using marketing ads. Is that really so terrible ? And i guess those that dont use facebook swap back to the phone or email? and thats completely secure, right ?

Guest

“theyre monetising it using marketing ads. ”

Actually, they’re monetising it by selling any information you have shared with them…