Our ref: DE00000569856
Dear Mr/Ms John,
Thank you for your email of 25 November to the Department of Health requesting, under the Freedom of Information (FOI) Act, information relating to NHS Choices and Facebook. Your email has been passed to me for reply.
Your email stated:
“ I note the www.nhs.uk web site includes third party content drawn
"When visiting NHS Choices pages that display a Facebook Like
button, information relating to the date and time of your visit,
the web page you are on (commonly known as the URL) and other
technical information about the IP address, browser and operating
system you use will be collected by Facebook. If you are logged
into Facebook, your user ID number will also be associated with the
information mentioned above.”
Please could you disclose to me ;
· Correspondence between the DoH and Facebook concerning the introduction of the Facebook code
· The technical means I can use to prevent this intrusive monitoring taking place when I consult the NHS Choices web site for health information
· The technical reasons why this code could not be hosted on a first party URL (so avoiding a third party request to Facebook)
· Any consideration given by the DoH to the ethics of involuntarily conveying information about the health concerns of NHS users to an American social network.”
I have responded to your query in the order you posed them.
Correspondence between the DoH and Facebook concerning the introduction of the Facebook code .
There was no correspondence between the DH and Facebook regarding the introduction of the Facebook ‘Like’ function onto NHS Choices.
The technical means I can use to prevent this intrusive monitoring taking place when I consult the NHS Choices web site for health information
The technical reasons why this code could not be hosted on a first party URL (so avoiding a third party request to Facebook)
The ‘Facebook Like’ function is achieved through the use of an ‘iFrame’ (a small piece of embedded code from Facebook).
The design of the ‘Facebook Like’ function is such that the user must be identified as a Facebook user by Facebook. This is achieved by accessing a ‘cookie’ (a small piece of text stored on a local computer containing information) on the user’s computer. For security reasons, only the website (or domain) that placed the cookie on a user’s computer can access that cookie.
We are assessing the options for alternative approaches, but these would necessitate a change to the user experience, such as multiple ‘clicks’ or loss of functionality. Once we have completed the assessment any alternative options will need to be ratified and agreed by our user councils and other governance structures
Any consideration given by the DoH to the ethics of involuntarily conveying information about the health concerns of NHS users to an American social network
NHS Choices does not hold any personal or sensitive health information. Therefore, at no time does NHS Choices pass personal health information to any third party.
I hope this reply is helpful. If you have any queries about this response, please contact me. Please remember to quote the reference number above in any future communications.
If you are dissatisfied with the handling of your request, you have the right to ask for an internal review. Internal review requests should be submitted within two months of the date of receipt of the response to your original letter and should be addressed to:
Head of the Freedom of Information Team
Department of Health
Email: [email address]
If you are not content with the outcome of your complaint, you may apply directly to the Information Commissioner’s Office (ICO) for a decision. Generally, the ICO cannot make a decision unless you have exhausted the complaints procedure provided by the Department. The ICO can be contacted at:
Information Commissioner’s Office
Freedom of Information Team
Department of Health