A recent study shows that many mental health websites routinely share and sell information on service users to technology companies and advertisers.
The study found that on over 87 percent of UK based depression websites, cookies were present for the purposes of marketing and advertisement. Of these same websites, an average of twelve third party cookies were found to collect user data before users were even able to consent.
The report, from Privacy International, highlights a major concern with compliance to the EU General Data Protection Regulation (GDPR) that became law as of May 2018. Under this law, users are supposed to be given clear information on how their data may be used, as well as options to consent before any sensitive or personal user data is collected.
However, companies of all shapes and sizes have often fallen short of this deadline.
Terry Ray, CTO of Imperva, expressed concerns that many companies were simply unprepared for changes: ‘Any company that put GDPR off until the last minute now realises compliance cannot be achieved overnight. It does not surprise me that many organisations feel unsure about the idea of a GDPR audit. The truth is many would fail.’
The NHS website features in the Privacy International report, where it admits to falling short of data protection law deadlines. In response to Privacy International’s requests for comment, an NHS spokesperson stated that as of July 2019, the team were ‘in the process of ensuring that we translate [GDPR] guidance into practice on the site. This work will be completed by the end of September 2019’.
They further added, ‘from this point, users will be automatically opted out from all analytic and third party cookies. Users will be specifically asked if they would consent to opt-in.’
However, these protections are still a year late. The question remains: can companies be trusted?
There are ways to bypass some of the problems posed by using websites that gather user data on those people wanting to seek support for mental health.
The most obvious is to use anonymised data when inputting any contact details that may be asked of you on things like mental health questionnaires. If they ask for your email, set up and use a separate email account rather than your personal one. Any cookies can also be manually deleted from your computer.
Alternatively you can contact Samaritans on 116 123 24-hours a day or email firstname.lastname@example.org