An investigation has revealed that NHS websites are routinely sharing individuals' health information with tech giants like Google and Facebook without obtaining users' consent.

These tech companies are collecting users' browsing data to construct detailed profiles for targeted advertising purposes, potentially exposing sensitive medical conditions such as cancer or gambling addiction.

By tracking browsing habits through cookies placed on users' computers, these tech giants can compile comprehensive profiles, including personal details like name, age, and address if accessed on the same device used for social media accounts.

Despite regulations in place to protect user data, a study by digital agency 7DOTS found widespread non-compliance among UK health and social care providers. Analyzing over 3,500 organizations' websites, the investigation revealed that 59% failed to comply with General Data Protection Regulation (GDPR) guidelines.

Even among the sites utilizing reputable cookie consent management platforms, 63% disregarded users' opt-out requests. While researchers attributed this lapse to web editors' misconfigurations rather than malicious intent, they emphasized the need for more cautious handling of sensitive health information.

Common vendors found on non-compliant sites included Google Analytics, Facebook, Google, and YouTube. Despite GDPR's strict regulations aimed at ensuring responsible data handling, 7DOTS' findings underscored significant concerns regarding patient data safeguarding.

The prevalence of compliance failures raises alarms about the security of personal health information online, prompting calls for stricter adherence to GDPR guidelines to protect users' privacy and confidentiality.