Privacy policy disclosures of behavioural tracking on consumer health Websites

Abstract

AbstractMany Internet users are seeking health information online, encountering significant privacy risks in the process. Historically, these risks are associated with personally identifiable information, but behavioural tracking presents a new and increasing threat to privacy. In this paper, we analyze the disclosure, in a set of website privacy policies, of the collection of non‐personally identifiable information by consumer health information websites. The websites all engage in first and third party behavioural tracking using cookies and web beacons, and are among the sites recommended by consumer health sections of the Medical Library Association or the Canadian Health Libraries Association (see Burkell and Fortier, 2012, 2013). Our analysis reveals that while the majority of these sites disclose both first party (6/7) and third party (5/7) behavioural tracking, the language used in these disclosures is difficult to understand, tending to minimize behavioural tracking and obfuscate agency in the tracking process. These results suggest that consumer health information website privacy policies do not provide optimal disclosure of behavioural tracking practices. Library and information science professionals should work with users to ensure they are aware of the behavioural tracking practices of the websites they visit, assisting them to interpret the disclosures provided in website privacy policies.