Using its website to report crimes, such as sexual offences, domestic violence, and other crimes, the most powerful police force in the country gathered sensitive details about the people using the site. Observer reports that Facebook shared users' data to target advertising to them during their visit.
As part of the analyses, the Metropolitan Police website included a tracking tool that recorded information about people's browsing activity and about the "secure" online reporting form they used to report crimes and crimes against them.
Using a tracking tool called a Meta Pixel used on the police force's website, the police force sent the information, which included the type of offence being reported and the Facebook profile code of the user, to the social media giant.
A week after The Observer published its findings on Meta Pixel tracking, the Met removed the tracker from its website. This was after The Observer raised concerns about its use. There is something wrong with this approach as it demonstrates a lack of respect for human rights and human dignity. Additionally, the report added that no personal data - such as the messages they sent to police when reporting a crime - was exchanged with the police based on the responses they provided.
There was a suggestion that data transmission had been accidental. A tracking tool has been installed at Met to help serve ads to people who indicate they are interested in becoming a Met member. Several steps were taken to ensure that any Meta Pixels from pages that were not related to recruitment marketing campaigns on the Met's website, as well as any Pixels placed on pages that were not related to recruitment, were removed to avoid unnecessary concerns.
When the Observer analysed police websites across England, Wales, Scotland and Northern Ireland, it found that the Met was using the pixel to track its visitors. The tool was found to be being used by four police forces, including the Metropolitan Police, during the testing last week. Additionally, there were three other police forces involved: Police Scotland, Norfolk Constabulary, and Suffolk Constabulary.
As with the Met, Norfolk and Suffolk have also provided data about how people access sensitive web pages. This data was shared with the Met. As a result of this, Norfolk and Suffolk police have said they have been using the tracking tools “for recruitment purposes” when web visitors clicked links to report antisocial behaviour, domestic abuse, rape, hate crimes, and corruption, as well as when they clicked the “Tell us something anonymously” button. The tracking tools, Norfolk and Suffolk police have said, were used “for recruitment purposes”.
There is criticism from victims' charities and privacy experts who have called this exchange of data a shocking violation of trust, one that could undermine the confidence of the public in the police.
Dame Vera Baird, the former victims’ commissioner, said: "You think you are dealing with a public authority you can trust and you are dealing with Facebook and the wild world of advertising."
Using advertising pixels in this context, said Mark Richards, a privacy researcher who focuses on online privacy, is like asking a person to report a crime while a stranger is present in the room.
The Alan Turing Institute's director of ethics, Prof David Leslie, has said that the collection and sharing of the data feels "reckless", and that people appear to have been given "partially" or "misleading" information about how their data will be considered.
The UK's privacy watchdog, the Information Commissioner's Office, said in a statement that the findings raised serious privacy concerns.
These sites are for the convenience of crime victims, as well as their family members and witnesses. They would expect their information to be handled thoughtfully," the report said. There is already an investigation being conducted by it into the use of the Meta Pixel by NHS trusts on their websites, and according to it, the latest evidence will be taken into account.
To reach people who have visited their websites in future marketing campaigns, businesses use Meta Pixel. This is a free tool offered by Facebook that gives them access to tracking information on people who have visited their sites.
As part of their marketing arsenal, Facebook is pitching this tool as a way for organisations of all sizes to gain insight and insight into the performance and behaviour of their websites, as well as that of those who do not have Facebook accounts.
As the Meta Pixel collects unique identifiers, such as IP addresses and Facebook profile IDs, there does not seem to be any evidence that the company has attempted to identify people as victims of crimes or that they have targeted them with advertisements based on their status as victims or witnesses, even though this is the case. The details of interactions with the police are not included in the information shared with the company on the website. However, there is no hint that this information is shared with the company as part of the information shared.
According to the Observer's investigation, many police websites share data with Google for advertising, in addition to Facebook. It is noteworthy that this information included that a person had visited a police website, but didn't appear to provide further information regarding the types of sensitive websites they visited or their use of online reporting tools or online forms. A police force and a military force are also believed to have shared data with Twitter to allow them to advertise their services. The ICO's chief digital privacy adviser, Stef Elliott, described the problems with Google advertising to the watchdog earlier this month following a report she made about the issue. Elliott described the problem as "systemic," according to her.
A consent banner pops up after a web user clicks the "I agree" button on a police website, including the Met site after being shown a pop-up consent banner that asks for consent to share data. On the banner, you would normally see the words "We use cookies on this site to give you a better, more personalized experience," without ever mentioning advertising or saying that the data would be shared with third parties, like Facebook, for example. As the Met's privacy statement stated, data collected may be utilized for recruitment campaigns. However, the information collected may not be used by third parties for business purposes. However, the Met's privacy statement also mentioned advertising but said the information would only be used for recruitment campaigns and not for third-party use.
