It has been revealed that NHS trusts have been sharing confidential medical information of millions of patients with Meta without their consent. The data is being collected using Meta Pixel, which adds a snippet of code to websites in order to track website visitor activity.
The data collected includes specific details about the pages viewed, buttons clicked, and keywords searched on the NHS websites and is matched with the user's IP address and Facebook account. As an indication of the seriousness of the breach, the data collected could reveal medical information such as appointment bookings, repeat prescription orders, and referral requests.
Meta can use this information for its own business purposes, including targeted advertising. Following the discovery, 17 of the trusts have confirmed that they have removed the tracking tool from their websites, and eight trusts have apologised to patients. An investigation by the Information Commissioner's Office is ongoing.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.