Dozens of UK health websites continue to share data such as medical symptom and disease scans on Internet giants such as Google, Amazon, Facebook and Oracle, as well as smaller marketers such as Scorecard and OpenX, according to a Financial Times research.
The newspaper had examined 100 popular British websites with a focus on health and medicine. Thus, 79 percent of websites have cookies that third-party companies can use to analyze the behavior of users on the Internet, such as querying medical symptoms, diagnoses, drug names, and information on menstruation and fertility. According to the newspaper, the forwarding of these data takes place without the express consent of the users and is thus in contradiction to the legal situation in Great Britain.
The main beneficiary of the data transfer is, according to the newspaper report, the Google advertising offshoot, DoubleClick. Data would be forwarded via cookies but also to other potential recyclers.
Concerns also at online pharmacies
Online pharmacies, for example, also manage sensitive usage and health data about their customers. When ordering medicines, cookies can also be used to send data to third-party companies that allow conclusions to be drawn about illnesses.
"It must be prevented that health profiles are created and linked without the knowledge of those affected, for example, with Facebook data," said Sylvia Gabelmann, spokeswoman for drug policy and patient rights at the left-wing fraction SPIEGEL. "It can not be that people agree with a standard click on the first page of an Internet pharmacy, that sensitive health data collected and forwarded."
In a small request to the Federal Government, the former pharmacist criticized the lack of data protection in the pharmaceutical mail-order business with other members of parliament already in February. When ordering medicines online, "health and other social data would necessarily be transmitted". Also, some usage data with cookies would already be collected as soon as users called up the pages - even if they did not order anything.
Even the few users who would previously work through the privacy statements would, according to Gabelmann hardly a chance to make a sufficient picture of the nature and extent of data processing. An express and informed consent is therefore not available.
Controversial partnership in the US
The digital handling of sensitive health data is currently being discussed worldwide. In Germany, data protectors are outraged by the extended use of treatment data for research purposes envisaged by Minister of Health Jens Spahns (CDU). In the US, a partnership between Google and the Ascension organization called for the US Department of Citizens' Rights in the Ministry of Health. As the Wall Street Journal reported, the Citizens Rights Agency wants to ensure that millions of citizens' health data are not misused. Ascension manages 2,600 healthcare facilities, including 150 hospitals and 50 retirement homes.
The criticized project "Nightingale" is named after the British nurse Florence Nightingale, who used statistics in the Crimean War in the 1850s to better care for patients. Google confirmed that patients' health records are stored in a cloud that can be centrally managed by Ascension. The patient data is currently not linked to Google's customer data - and will not be the case in the future, said cloud-responsible Google manager Tariq Shaukat.