NHS trusts passed on private patient information to Facebook – report

The Meta Pixel tool passed on intimate details including medical conditions, appointments and treatments to the tech giant.

Alana Calvert
Sunday 28 May 2023 06:53 BST
NHS trusts have been exposed with sharing the private information of patients with Facebook, an investigation by The Observer has revealed (Dominic Lipinski/PA)
NHS trusts have been exposed with sharing the private information of patients with Facebook, an investigation by The Observer has revealed (Dominic Lipinski/PA) (PA Wire)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

NHS trusts shared the private information of patients with Facebook, an investigation by The Observer has revealed.

A probe by the newspaper found a covert tracking tool was being used by the websites of 20 NHS trusts to collect browsing information and share it with the tech giant in a major breach of privacy.

The Meta Pixel tool passed on intimate details about patients to Facebook, including medical conditions, appointments and treatments without people’s consent.

The data obtained can be used by the social media giant’s parent company, Meta, for business purposes, including targeted advertising.

According to The Observer, 17 of the 20 NHS trusts found to be using Meta Pixel confirmed they had pulled the tracking tool from their websites over the weekend.

Many of the trusts said they installed the tracking pixels to monitor recruitment or charity campaigns and were not aware that they were sending patient data to Facebook.

One of the trusts, Buckinghamshire Healthcare NHS trust, previously said in its privacy policy that “confidential personal information about your health and care… would never be used for marketing purposes without your explicit consent”.

In a statement to the Observer, the trust apologised to patients and said Meta Pixel had been “installed in relation to a recruitment campaign, and we were not aware that Meta was using this information for marketing purposes”.

“Immediate action has been taken to remove it,” a spokesperson from the trust added.

The Information Commissioner’s Office (ICO) is investigating.

Earlier this month, Meta was fined 1.2 billion euro (£1 billion) and ordered to stop transferring user data from European users to its US servers.

The record fine was levied by Ireland’s Data Protection Commission (DPC) after a three-year probe into the social media giant.

The DPC said Meta had breached part of the European GDPR (General Data Protection Regulation) rules in the way that it had moved data of Facebook users across borders.

It ordered Meta Ireland to “suspend any future transfer of personal data to the US within the period of five months” and also levied a record fine on the business “to sanction the infringement that was found to have occurred”. Meta called the fine “unjustified”.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in