Some of the largest mental health support organisations in Britain gave Facebook information about private web browsing for its targeted advertising system.
The data was delivered via a monitoring mechanism installed in the charities’ websites and includes details of URLs a user visited and buttons they clicked across content linked to depression, self-harm and eating disorders.
Additionally, it included information about the times visitors saw pages to access online chat tools and when they clicked links that said "I need help" in order to request assistance. Some of the pages that caused data sharing with Facebook were particularly targeted towards youngsters, such as a page for 11 to 18-year-olds that provided guidance on how to deal with suicidal thoughts.
Details of conversations between charities and users or messages sent via chat tools were not included in the data sent to Facebook during the Observer's analysis. All of the charities emphasised that they took service user privacy very seriously and that such messages were confidential.
However, it frequently involved browsing that most users would consider private, such as information about button clicks and page views on websites for the eating disorder charity Beat as well as the mental health charities Mind, Shout, and Rethink Mental Illness.
The data was matched to IP addresses, which are typically used to identify a specific person or home, and, in many cases, specifics of their Facebook account ID.
The tracking tool, known as Meta Pixel, has now been taken down from the majority of charity' websites.
The information was discovered following an Observer investigation last week that exposed 20 NHS England trusts sharing data with Facebook for targeted advertising. This data included browsing activity across hundreds of websites related to particular medical conditions, appointments, medications, and referral requests.
Facebook says it makes explicit that businesses should not use Meta Pixel to gather or distribute sensitive data, such as information that could expose details about a person’s health or data belonging to children. It also says it has filters to weed out sensitive data it receives by mistake. However, prior research has indicated that they don't always work, and Facebook itself acknowledges that the system "doesn't catch everything".
The social media giant has been accused of doing too little to oversee what information it is being supplied, and faced questions over why it would allow some entities – such as hospitals or mental health organisations – to send it data in the first place.
