Bupa responds to FT investigation
Sharing sensitive health data
Bupa says it does not activate targeted health-related advertising based on user behaviour
Last week we reported that Financial Times had named Bupa, among a number of other leading health websites, as part of an investigation into the sharing of sensitive data with advertising giants such as Google, Amazon and Facebook.
The FT analysed 100 health websites, including WebMD, Healthline, Babycenter and Bupa, to find that 79% of sites dropped ‘cookies' which allowed third-party companies to track individuals around the internet without consent - a legal requirement in the UK.
The investigation found that keywords such as ‘heart disease' and ‘considering abortion' were shared from sites such as British Heart Foundation, Bupa and Healthline to companies including Scorecard Research and Blue Kai (owned by Oracle).
We take the privacy of our customer data extremely seriously
Bupa told COVER that its cookies policy outlines that cookies are used to collect information about users' browsing habits in order to deliver relevant adverts, as well as to limit the number of times they see an advert and to help measure the effectiveness of advertising.
It confirmed, however, that it does not activate any advertising or targeting-based user behaviour on the sections of the site which provides health information to users.
Bupa said it has never passed data to brokers or those selling health products and that it is not possible for an advertiser to buy an audience who have previously visited Bupa.co.uk.
When profiling customers, Bupa said it tailors advertising to audiences who reflect the users of our website, however this is based on general demographics (such as location, age and device usage) and never upon health information. If someone visits the website, it may choose to tailor advertising towards them in future but this is not based on any visits to health information pages, it said.
A Bupa spokesperson said: "We take the privacy of our customer data extremely seriously and our cookies policy - detailing the types of cookies used and the ways in which they are used - is openly available on our website. We do use cookies on our site and this is made clear to all users. However, they are not used for advertising purposes on the pages which provide health information.
"Unique IDs of visitors to the website are shared with selected third parties in order to measure website performance and engagement. Again though, we don't share visitors' health information with any third parties."
Lead generation
Referring to a comment in the original FT article which suggested that online privacy and advertising are incompatible, Contact State's Alain Desmier said: "I see this level of co-dependency the whole time, where everyone assumes that GDPR and data compliance is someone else's responsibility."
"There general attitude of the industry is that the customer journey starts when the first phone call happens, my argument is that it starts when the first click happens and that needs to be completely tracked and logged," he said.
Desmier suggested he sees "serious fraudulent advertising breaches" currently happening a lot.
Further reading
More on PMI
Vitality's American Express cashback card explained
3% cashback each month
Industry reacts to Labour promise of 'free' dental care
'You can tell it's general election season'
Vitality adds rewards including American Express
Part of ‘Vitality Pink’
Vitality launches cancer product
£570 a month benefit
