The UK Information Commissioner’s Office (ICO) is to weigh in on the security of healthcare websites amid claims personal data is being shared with third-party’s – on the same day it issued a scathing rebuke to adtech firms for retaining personal information.
Concerns over the handling of sensitive medical data centre on an investigation by the Financial Times which used open-source tools to analyse 100 separate health-related websites, only to find that 79% of these allowed third-parties to track people’s wider web history via cookies without first obtaining legal consent.
The allegation includes popular portals such as WebMD, Healthline and Bupa which are among those said to have shared details of symptoms, fertility and prescriptions with tech companies such as Amazon, Oracle and Google.
Separately the watchdog has found that the adtech sector has been retaining personal data retrieved during the real-time programmatic bidding process, with information such as individual sexual orientation or political affiliation being processed without permission.
A growing consensus is emerging for the need to tighten up the real-time bidding process by introducing greater consistency and transparency to the process.
The ICO is expected to make a formal statement on its real-time bidding investigation over the coming weeks although its parallel health sector inquiry remains at an early stage.