ICO looks into NHS sharing data with Facebook

 

Gallery

By Nicole Kobie

Posted on 26 Nov 2010 at 14:39

The UK's data watchdog has asked the Department of Health for an explanation of its data-sharing agreement with Facebook.

The NHS Choices website features Facebook's "Like" button. That means that when users access the health information site while logged into Facebook, data about which page they're visiting is passed back to the social-networking site.

The data sharing was highlighted by Mischa Tuffield, a software developer with identity protection firm Garlik, who claimed logging out and clearing cookies is still not enough to avoid Facebook's eye.

There are few things more sensitive to an individual than their health information

The Information Commissioner's Office has now asked the DoH for an explanation.

“There are few things more sensitive to an individual than their health information," the watchdog said. "We have contacted the Department for Health to find out whether any details of individuals consulting the NHS Choices website are available to third parties."

The ICO hasn't started a formal investigation into the issue, with a spokeswoman explaining the conversation between the two bodies was in "very early stages".

Political pressure

The department is also facing parliamentary pressure, with an early day motion filed by Labour MP Tom Watson earlier this week suggesting the DoH may have breached the Data Protection Act.

Watson also wrote an open letter to Andrew Lansley, the secretary of state for health, asking him to reconsider the data sharing.

"Imagine for example, if you or a close colleague had an embarrassing ailment, say genital warts," he wrote. "The current settings of the site allow third-party applications to know that you have visited the part of the NHS site that lets you know how to treat genital warts."

"I urge you to take steps to ensure that third-party websites should not have access to such information," he added. "This could be simply achieved by ensuring all third-party interaction is run on an opt-in system, rather than the current opt-out model."

The ICO said it was told the DoH would also be issuing a "full clarification" of its agreement with Facebook and other web firms in response to the motion.

Despite the pressure, the DoH has so far not removed the Facebook Like button, and has no intention of doing so, a spokesman said, explaining that it was instead looking for ways to make its privacy policy more clear to users.