Government and health websites are tracking you — but it’s that other “deep state” at work

You might expect more tracking at an online shop for baby clothes compared to a German site about maternity leave – but you could be very wrong. A study from Cookiebot found 63 private trackers on a single German public site on maternity benefits. That’s also just the start as their study found trackers embedded on a huge array of health and government sites across the EU.

In our modern “surveillance economy” era, we expect that everything done on a commercial website will be tracked – who we are, our device details, how long we stay there, and what we click on. After all, it’s a business and they are selling something. But, what about our dealings with the state or health entities? Shouldn’t these sites be somehow more private than those other ones?

Not so private at all

This question is just what Cookiebot – a firm which has developed its own tool for monitoring cookie and GDPR compliance – set out to answer in their study. They found trackers on the vast majority of government sites – a whopping 89% — which were able to track visitors.  On official government sites, 25 out of 28 contained trackers – especially those in Belgium, France, Greece, and Latvia. On the bright side, Dutch, German, and Spanish government sites had no commercial trackers detected.

Public health services did not exactly have a clean bill of health either – at least in regards to privacy. Cookiebot made up 15 questions on themes covering HIV infections, mental health, and cancer – then looked at the official health sector sites that came up. Just over half of these web pages had commercial trackers. Cookiebot also pointed out that this health information is in a “special category” that should get closer protection under Article 9 of the GDPR. While Germany was better than the EU average – a third of these web pages still had trackers.

Oh look, a free tool

The study pointed out two ways that trackers get incorporated into sites. First, they came disguised as handy tools with many free website plugins that do everything from sharing articles to managing user comments These, according to the study authors, act as Trojan horses to let trackers get inserted into the website code. Second, there is Google with those wonderful platforms such as Google Maps and their ability to share data with Google’s own trackers.

It’s not THAT Deep State

The study repeatedly used the term “commercial trackers” to emphasize a point – it’s not the government itself that is doing the tracking. The villain this time is an army of data privateers – made up of 102 known and ten unknown entities – and their technical portfolio of data trackers. Those last ten unknown companies were actively hiding their identity.

Google was the single biggest privacy intruder, with three out of the top five trackers on government websites and both of the top two trackers found on health service landing pages also belong to Google. By controlling YouTube.com, DoubleClick.net, and Google.com, they are able to track visitors to 82% of the EU’s main government websites.

What’s a body gonna do?

Your privacy options are limited. One option is to know your GDPR rights (unless you live outside the EU) including the right to know what data is being recorded. The second is to get a privacy tool on your device such as the EFF’s Privacy Badger which blocks out most trackers. After all, data privacy should be your choice.

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.