Did you know that by signing up to Facebook, you’re allowing it to track your browsing habits across the web, and giving it consent to collect what’s arguably personal and sensitive data? I didn’t.
And explicit consent is important here because, without it, no company can process (or use) an individual’s personal sensitive data without being in breach of the Data Protection Act (DPA).
Which brings me to my point. Last week a story broke about the health website NHS Choices letting Facebook track the browsing behaviour of its users, along with their Facebook IDs, via its ‘Like’ button embedded on some webpages. And according to Garlik, the firm that made the discovery, Facebook users are tracked even if these buttons aren’t actually clicked.
Now, why the NHS would allow a third party website to track its visitors in this way is beyond me. But the real point here is that these webpages contain health and lifestyle advice that could be personal to the browsing individual. Do you want Facebook to know that you’ve looked at a page about a particular disease or condition?
Has your online privacy been breached?
And now we come back to the Data Protection Act. Here at Which? we think that Facebook could be in breach of the DPA if it’s proved that sensitive and personal data has actually been collected without explicit consent. Plus, surely NHS Choices has a duty to prevent sensitive user data from being collected in this manner?
Both Facebook and NHS Choices, of course, deny that any breaches have taken place. So it’s now up to the Information Commissioners Office to investigate. South Korea’s Communications regulator has already taken action, accusing Facebook of violating the country’s data privacy laws and arguing that it needs to do a better job at getting user consent.
I think that Britain’s regulator should also take a good look at Facebook’s privacy policies. Does the company actually ask for explicit consent to track and gather information on what sites we look at? And if you knew that it did, would you still want to keep your Facebook account?