Read on Twitter
An NHS app intended to get people from ‘couch to 5k’.
“Analytics and Advertising tracking SDKs. As these features are critical to Our ability to provide users with free, high quality mobile applications it is not possible to opt out from tracking features.” < WTH! No. No. No.
“Analytics and Advertising tracking SDKs. As these features are critical to Our ability to provide users with free, high quality mobile applications it is not possible to opt out from tracking features.” < WTH! No. No. No.
https://twitter.com/nhsuk/status/1035507495891034113
I don’t have time to go through this at the mo .. but I will, given that family has asked me “is it ok from a privacy perspective? .. it is the NHS after all.” <visions of #HanCocksApp 
“We are also working closely with third parties (including, for example, business partners, sub-contractors, delivery services, analytics providers, search information providers) and may receive information about you from them” <much to dig into
“Information We collect about you.
We may use this information: to provide you with targeted advertising that We feel may be of interest to you.”
We may use this information: to provide you with targeted advertising that We feel may be of interest to you.”
“We may share your information with selected third parties including but not limited to:
Business partners, suppliers and sub-contractors for the performance of any contract We enter into with you.” <business partners ?🤔
Business partners, suppliers and sub-contractors for the performance of any contract We enter into with you.” <business partners ?🤔
“We may share your information with selected third parties including but not limited to:
Local councils with which We collaborate to advise and support them in the delivery of their public health function, but only in an anonymised manner.”
Local councils with which We collaborate to advise and support them in the delivery of their public health function, but only in an anonymised manner.”
“We may share your information with selected third parties including but not limited to:
Analytics and search engine providers that assist Us in the improvement and optimisation of Our Site(s).”
Analytics and search engine providers that assist Us in the improvement and optimisation of Our Site(s).”
“Disclosure of your information
We may share your information with selected third parties”
We may disclose your personal information to third parties”
<‘share’ ‘disclose’
We may share your information with selected third parties”
We may disclose your personal information to third parties”
<‘share’ ‘disclose’
And wow. Real-time bidding for advertising.
“Advertising cookies. AppNexus
This is a technology platform (Platform or AppNexus Platform) that We use to buy, sell, and deliver online advertising, including interest-based advertising, mostly through real-time bidding.”
“Advertising cookies. AppNexus
This is a technology platform (Platform or AppNexus Platform) that We use to buy, sell, and deliver online advertising, including interest-based advertising, mostly through real-time bidding.”
“The AppNexus Platform is designed to enable other companies (their clients) to buy, sell, or deliver advertising using “Platform Data” that clients may collect using the Platform, derive from their use of the Platform, or acquire from other sources and then use on the Platform.”
When considering the stated intention to use people’s data for advertising, consider that this app, supports ‘family sharing’ for up to six people 🤔
But hey, PHE graciously advise how you can opt out of App nexus advertising “You can click below to opt out of having the Platform used to select ads for your browser based on your online web browsing behaviour. “ <Except that involves more Ad tracking by AppNexus.
And let’s not forget that the OneYou site leaks referrers .. 🤦♂️
More “Interest-based advertising SDKs - RhythmOne
To identify the interests of users, so that We can deliver advertising that is more relevant to your interests. For more information on RhythmOne and its privacy practices, please visit: Rhythmone.com/about/privacy.….
To identify the interests of users, so that We can deliver advertising that is more relevant to your interests. For more information on RhythmOne and its privacy practices, please visit: Rhythmone.com/about/privacy.….
And, you guessed it, the opt-out involves more Ad tracking .. & quite how the @PHE_uk thinks people will discover all this let alone understand it is beyond me
“Analytics and Advertising tracking SDKs
As these features are critical to Our ability to provide users with free, high quality mobile applications it is not possible to opt out from tracking features.” < stay with me twitter ... you may feel like popping a pill right now but ..
As these features are critical to Our ability to provide users with free, high quality mobile applications it is not possible to opt out from tracking features.” < stay with me twitter ... you may feel like popping a pill right now but ..
But, “Downloading Our Apps is deemed acceptance of these terms” nhs.uk/oneyou/privacy… but don’t worry, cos, “if you are concerned about this type of tracking having downloaded Our App(s) We would recommend deletion of the app” <cos they care about you and your privacy innit
“Interest-based advertising SDKs
You can opt out from receiving Targeted Advertising based on data collected via your mobile applications by following your Device maker’s most current published instructions” 🤦♂️🤦♂️👇
You can opt out from receiving Targeted Advertising based on data collected via your mobile applications by following your Device maker’s most current published instructions” 🤦♂️🤦♂️👇
☝️ how many people downloading the app will (a) reasonably expect a public health app to track their behaviour for targeted advertising? (B) discover the information about Ad tracking (c) are aware of and set anti Ad tracking OS settings? I’m kind of flabbergasted TBH
“When you opt out, We will stop (a) collecting information about your interests via Our Apps and (b) serving you Targeted Ads based on the data collected via Our Apps”
I think serous questions need to be asked of @PHE_uk
I think serous questions need to be asked of @PHE_uk
At no point in the app installation process is a person given any privacy information, especially about ad tracking and targeting.
A privacy policy is linked the bottom of a page found under the ‘support’ icon
The thread so far is based on the privacy policy. Just looking at the ToS “By downloading the App(s) or clicking on the "accept" button below you agree to the terms of this EULA which will bind you. The terms of this EULA include, in particular, the privacy policy” <ooh ‘bind’
Ooh ToS. Using a phone provided by your employer? Asked them for permission to download the app? “You will be assumed to have obtained permission from the owners of the mobile telephone or handheld devices that are controlled, but not owned, by you”
Ooh ToS. “Additionally, by using the App(s) or any Service(s), you acknowledge and agree that internet transmissions are never completely private or secure. “ erm
ToS “By using the App(s) or any of the Service(s), you consent to us collecting & using technical information about the Devices & related software, hardware & peripherals for Services that are internet-based or wireless to improve our products & to provide any Service(s) to you.”
👆very problematic ... consent eh? 🤔 consent is not always required to make processing lawful. But where consent is required .. then this app ain’t meeting the legal standard 🙇♂️
Oh my. “the outcome of any study completed on the data collected (which shall be aggregated and anonymised) may form part of one or more scientific publications and may inform research and policies related to health and wellbeing, mobility, computer science, and related fields”
☝️THAT wasn’t mentioned in the privacy policy. ‘Aggregated’ ‘anonymised’ - which is it as they’re not the same. What standard? What ethics review board are studies and research subject to .... 🤔
Ooh Tos. Bless em. 👀 “In consideration of you agreeing to abide by the terms of this EULA, we grant you a non-transferable, non-exclusive licence to use the App(s) on the Devices, subject to these terms, the Privacy Policy and the Appstore Rules” < far too kind.
Ooh Tos. “Acceptable use restrictions
You must:
(a) not use the App(s) or any Service(s) in any unlawful manner, for any unlawful purpose” <talking of lawful .. I haven’t even started analysing this against ePrivacy & GDPR. 😮
You must:
(a) not use the App(s) or any Service(s) in any unlawful manner, for any unlawful purpose” <talking of lawful .. I haven’t even started analysing this against ePrivacy & GDPR. 😮
👆All this because family asked me if the “NHS app .. couch to 5K” was ok from a privacy perspective.
Well, no. It isn’t ok if the processing set out in the privacy policy is taking place - such as behavioural targeted advertising and real time bidding - in a PUBLIC health app.
Well, no. It isn’t ok if the processing set out in the privacy policy is taking place - such as behavioural targeted advertising and real time bidding - in a PUBLIC health app.
But what I’m hoping is that the tracking and ad targeting and real time Ad bidding are not true and also that the use of data for research etc is subject to various controls and oversight.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
