An investigation carried out by Ingeniøren reveals that public sector websites are sending sensitive personal data from users on to private companies, who then use it, among other things, to generate targeted advertising.
The survey examined 86 different public sector websites and 18 of them generated a cookie used by an advertising network. On top of that, 39 sent data on users on to Google through the web analysis tool Analytics.
All in all, 47 of the 86 homepages sent information on to third parties without giving the user the opportunity to give their consent.
“This means that our internet footprint can be registered and we have no say in the matter,” Thomas Hildebrandt, an academic at the IT University, told Ingeniøren.
READ ALSO: Google may have violated Denmark’s data storage laws
“Perhaps the authorities are doing this in good faith, because the aim is to improve their service, but they are paying for it through citizens’ private lives.”
A special duty of care
Anette Høyrup from the consumer council Tænk thinks the authorities have a special duty of care when it comes to data-sharing, as the interaction the public has with them can include extremely sensitive information.
“It could be anything from divorce to looking after the children to tax affairs, so the authorities have a special responsibility,” Høyrup said.
Spam, spam, spam
The purpose of the advertising network, which one out of every five public sector websites uses, is simple. It uses cookies that are saved on the user’s PC and then used to construct a profile of the individual user. It can predict which adverts he or she is susceptible to.
Sites using Google Analytics send users’ IP addresses, browser information, screen information and much more to the IT giant, along with information about which sites the user visits.