Friday, December 17, 2010

NHS Internet Privacy

I wrote to my MP, Nicola Blackwood, several weeks ago asking her to sign the early day motion on NHS internet privacy first signed by Tom Watson MP:
That this House notes with serious concern that the pages of the NHS Choices website allows third-party advertising and tracking companies, including Google and Facebook, to track people's internet browsing habits; believes that it is inappropriate for advertising and social networking companies to observe what an individual is viewing on a Government website that deals with sensitive medical information; further notes that the sharing of personal data of its users with companies outside the European Economic Area and with for-profit advertising companies may render the NHS in breach of its data protection obligations to the Information Commissioner's Office; and calls on the Department of Health to review its policy to ensure the privacy of all users of its websites is protected.
I've had the following reply from her this afternoon.
Dear Mr Corrigan,

Thank you for contacting me about the issue of data protection on the NHS Choices website and I apologise for the delay in my reply.

I can understand your concerns, but it is worth noting that the use of Facebook functionality on NHS Choices was initiated under the previous administration.

The issue of Facebook capturing data is not restricted to just NHS Choices. Data transfer happens across the whole range of sites and applications on the internet, and is a result of how users’ internet browsers are set up and how people log out and close down sites.

The Government informs me that NHS Choices has strict privacy policies which are in line with the Data Protection Act. As well, Facebook capturing data from sites like NHS Choices is a result of Facebook’s own system. When users sign up to Facebook they agree Facebook can gather information on their web use from their computer. NHS Choices privacy policy, which is on the homepage of the site, makes this clear.

The Government has asked the NHS Choices service to increase the prominence of information informing users of the potential for information about their activity being captured by services like Facebook, including what actions they can take to restrict this.

I hope you find this information helpful and thank you again for taking the time to contact me.

Kind regards,

Nicola Blackwood MP
So the party line seems to be:
  • It is not this government's fault it's the previous lot
  • People leak personal data all over the internet
  • NHS Choices has a privacy policy, that the government believes is in line with the Data Protection Act; 
  • Facebook is a personal data harvester
  • The government will ask NHS Choices to warn people they leak personal data on the Net
I tried to be polite in responding.

Dear Ms Blackwood,

Thanks for your response.

Yes it was the previous government that this started under.

Yes people leak an inordinate amount of personal data on the internet.

Yes Facebook harvest personal data.

The NHS Choices privacy policy may or may not be in compliance with the Data Protection Act but that is largely immaterial if the operation of the site breaches the Act.

NHS Choices warning people they leak personal data on the internet is not going to solve the fundamental problem.

The site is built and operated in such a way as to facilitate the routine harvesting by third parties of the personal details of people seeking advice from a government website, often about intimate medical matters.

The social media, third party tracking features were no doubt innocently included originally to drive traffic to the site.  They are just not appropriate in the case of this kind of site. The government or the NHS should not being routinely sharing people's specific desire for information about particular medical matters with third parties, without consent.

I have little doubt that personal data pollution is going to be the environmental disaster of the information age but the sooner we start to tackle it the better chance we have of getting it under control.  In the case of NHS Choices the question of whether the site should be fixed to limit data sharing is not even a hard one.  That the government should prevaricate in this way when you ask for advice on how to respond on this matter leaves me seriously concerned that when it comes to dealing with the serious problems in this area, they will be found sadly wanting.

I understand, as a new MP, you have a lot of things to get to grips with and apparently obscure technical policy won't necessarily be top of your list of priorities; but I hope you're managing to settle into your new role now and beginning to get things under control in a way which will enable you to take an active interest in such matters as the parliament progresses.

Kind regards,


No comments: