Several university, charity, and police websites intended to help individuals seeking assistance for issues like sexual abuse, addiction, or mental health are inadvertently gathering and sharing sensitive data with advertisers. This occurs due to tracking tools such as Meta Pixel and Google Analytics embedded on these sites, allowing advertisers like Google and Meta to access personal data from visitors who are seeking support. This data includes demographic information, browsing behaviors, and device details. Even when users consent to cookies, the sites fail to adequately explain how their data will be used by advertisers. Experts warn of the widespread lack of awareness regarding tracking technologies and the potential risks associated with sharing sensitive information with advertisers without informed consent.
Stef Elliott, a data governance expert, identified over 50 sensitive sites with these tracking tools, including those related to sexual abuse, health conditions, and child protection. While the issue was highlighted in 2023 with the Met Police’s use of Meta Pixel, it is a systemic problem that goes beyond one organization or tracking tool. There is concern that individuals may be discouraged from seeking help if they believe their sensitive data is being shared with third parties. Mark Richards, an online privacy researcher, likened this invasive tracking to trespassing and emphasized the erosion of privacy and trust in online environments.
The experts stress the “black box” nature of the online advertising ecosystem, where data collected from individuals is sent to major tech companies with little transparency on its use. They express concern over discriminatory profiling based on personal data and the exploitation of vulnerable individuals for targeted advertising. The lack of awareness among organizations using tracking tools contributes to these privacy violations, exacerbated by the dominance of big tech firms and the ease of deploying tracking technologies.
Google and Meta maintain that they do not permit advertisers to send sensitive information through their tools and have policies in place to prevent the misuse of data. However, there is skepticism around the actual practices of these companies and their role in facilitating data sharing with advertisers. The Information Commissioner’s Office (ICO) has been slow to address the issue, with limited regulatory action taken against organizations violating data protection laws. Calls for antitrust legislation and stronger enforcement by regulators highlight the need to protect individuals’ privacy and data rights in the digital age.