Abstract
With digitalization, the use of essential social and healthcare services online has become increasingly prevalent. In this paper, we conduct a survey on the websites of Finnish social and healthcare districts and determine to what extent, if any, they leak their users’ personal data to third parties through the use of the collection and tracking of user data and actions with the web analytics tools. Our findings show that 82.6% of the studied websites leaked personal data to outside actors, but the extent and contents of these data leaks varied. Our study also demonstrates that in many cases, privacy policies of the studied websites do not always report personal data items transferred to third parties and fail to adequately inform users. The cookie banners of the studied websites were also found to contain several dark patterns.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
The HTTP Archive format is a file format for recording a web browser’s interactions with a website.
- 3.
- 4.
References
Bailey, J., Laakso, M., Nyman, L.: Look who’s tracking: an analysis of the 500 websites most-visited by finnish web users. Informaatiotutkimus 38(3–4), 20–44 (2019)
Brown, S.D., Levy, Y.: Towards a development of an index to measure pharmaceutical companies’ online privacy practices. Online J. Appl. Knowl. Manag. 1(1), 93–108 (2013)
Burkell, J., Fortier, A.: Consumer health websites and behavioural tracking. In: Proceedings of the Annual Conference of CAIS/Actes du congrès annuel de l’ACSI (2012)
Burkell, J., Fortier, A.: Privacy policy disclosures of behavioural tracking on consumer health websites. In: Proceedings of the American Society for Information Science and Technology, vol. 50, pp. 1–9. Wiley Online Library (2013)
Friedman, A.B., Bauer, L., Gonzales, R., McCoy, M.S.: Prevalence of third-party tracking on abortion clinic web pages. JAMA Intern. Med. 182(11), 1221–1222 (2022)
Friedman, A.B., et al.: Widespread third-party tracking on hospital websites poses privacy risks for patients and legal liability for hospitals. Health Aff. 42(4), 508–515 (2023)
Gamalielsson, J., et al.: Towards open government through open source software for web analytics: the case of matomo. JeDEM-eJ. eDemocracy Open Gov. 13(2), 133–153 (2021)
Heino, T., Carlsson, R., Rauti, S., Leppänen, V.: Assessing discrepancies between network traffic and privacy policies of public sector web services. In: Proceedings of the 17th International Conference on Availability, Reliability and Security, pp. 1–6 (2022)
Hiilamo, H.: Why did social and healthcare services reform fail in finland? Socialmedicinsk tidskrift 97(3), 433–441 (2020)
Hirvensalo, E., Asko-Seljavaara, S., Haahtela, T., Leppäniemi, A., Tukiainen, E.: Sote-uudistus ei toteuta säästöjä eikä parempaa hoitoa. Suomen lääkärilehti (2017)
Huesch, M.D.: Privacy threats when seeking online health information. JAMA Intern. Med. 173(19), 1838–1840 (2013)
Huo, M., Bland, M., Levchenko, K.: All eyes on me: inside third party trackers’ exfiltration of phi from healthcare providers’ online systems. In: Proceedings of the 21st Workshop on Privacy in the Electronic Society (WPES 2022), pp. 197–211. Association for Computing Machinery, New York (2022)
Jalonen, H.: Sote-uudistus: mitä, kuka, missä ja miten? (2021)
Masters, K.: The gathering of user data by national medical association websites. Internet J. Med. Inform. 6(2) (2012)
Schnell, K., Kaushik, R.: Hunting for the Privacy Policy - Hospital Website Design (2022)
Surani, A., et al.: Security and privacy of digital mental health: an analysis of web services and mobile apps. In: Conference on Data and Applications Security and Privacy (2023)
Vauramo, E.: Miten sote-uudistus toteutetaan?
Wesselkamp, V., Fouad, I., Santos, C., Boussad, Y., Bielova, N., Legout, A.: In-depth technical and legal analysis of tracking on health related websites with ernie extension. In: Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society (WPES 2021), pp. 151–166. Association for Computing Machinery, New York (2021)
Yu, X., Samarasinghe, N., Mannan, M., Youssef, A.: Got sick and tracked: privacy analysis of hospital websites. In: 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 278–286. IEEE (2022)
Zheutlin, A.R., Niforatos, J.D., Sussman, J.B.: Data-tracking on government, non-profit, and commercial health-related websites. J. Gen. Internal Med. 1–3 (2021)
Acknowledgements
This research has been funded by Academy of Finland project 327397, IDA—Intimacy in Data-Driven Culture.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Puhtila, P., Vuorinen, E., Rauti, S. (2024). Third-Party Data Leaks in the Websites of Finnish Social and Healthcare Districts. In: Rocha, Á., Adeli, H., Dzemyda, G., Moreira, F., Poniszewska-Marańda, A. (eds) Good Practices and New Perspectives in Information Systems and Technologies. WorldCIST 2024. Lecture Notes in Networks and Systems, vol 985. Springer, Cham. https://doi.org/10.1007/978-3-031-60215-3_14
Download citation
DOI: https://doi.org/10.1007/978-3-031-60215-3_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-60214-6
Online ISBN: 978-3-031-60215-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)