The NHS Choices website incorporates Facebook's "Like" button, which enables users to share information they find useful on their social networking profile. But the NHS has come under fire over whether users are actually aware of how much information the "Like" button transmits to Facebook, considering that Choices deals with health information.
The brouhaha started with a blog post from Mischa Tuffield, a developer at Garlik, a company that specializes in prevention of identity theft. He found that NHS Choices uses four third-party advertising services or trackers on its health information pages.
Two of the trackers, from Google Analytics and webtrendslive.com, appear to be for analytics purposes. Another is addthiscdn.com, a social bookmarking tool, while the fourth is Facebook's "Like" button. If clicked, that button shares the content of the Web page carrying it on the visitor's Facebook profile page.
Attention has focused on the presence of Facebook's Like button on the site. If a person is logged into Facebook and visits a Choices web page, information about that visit is transmitted to both Facebook and the NHS. Facebook will see a visitor's Facebook user ID, computer operating system and IP (Internet protocol) address, among other information.
If a visitor clicks the "Like" button, Facebook analyzes the page and focuses on keywords -- such as "back pain" -- to deliver targeted advertisements to the user, although it says the data on the web pages visited is not shared with advertisers.
Even if a visitor to NHS Choices is not logged into Facebook, the social networking site will still receive the person's IP address and operating system version, but not their user ID. Facebook will retain that data for 90 days before deleting it, an industry-accepted time frame, according to a company spokeswoman.
The primary question revolves around whether users are actually aware of what's going on.
Tom Watson, Member of Parliament for West Bromich East, wrote to the U.K.'s Secretary of State for Health earlier this week to point out that it could be embarrassing if information collected on users was leaked.
"I understand the demands to offer government service online but this should not be achieved at the price of privacy," Watson wrote. "I urge you to take steps to ensure that third-party websites should not have access to such information. This could be simply achieved by ensuring all third party interaction is run on an opt-in system, rather than the current opt-out model."
"Facebook capturing data from sites like NHS Choices is a result of Facebook's own system," the NHS said. "When users sign up to Facebook, they agree Facebook can gather information on their web use."