UK Councils Found to be Pushing Credit Card Adverts on Benefits Pages

UK local council websites have been showing high-interest credit card ads to people seeking benefits advice. A recent investigation by the BBC discovered more than 950 advertising cookies embedded in council benefits pages.

The Information Commissioner’s Office (ICO) said it would be studying the findings, which revealed that the majority of local authorities are failing to use compliant forms of consent under data privacy laws.

The advertising industry denies using data from vulnerable residents.

The BBC Shared Data Unit used webXray to take a snapshot over two days last October of more than 400 council benefits pages.

webXray is an open source software tool that is used for analyzing third-party content on webpages and identifying companies that collect user data.

More than 50 percent of UK councils were found to have third-party advertising cookies on the benefits pages of their websites. In total there were 950 cookies discovered. More alarmingly, more than two-thirds of councils did not appear to be asking website visitors for the apprpriate form of consent according to privacy laws.

Reportedly, the BBC saw various examples of targeted adverts on benefits pages, including high-interest credit cards, Black Friday deals, sports cars with features for disabled people and private funeral care plans.

The ICO said the setting of non-essential cookies without peoples’ consent is illegal. ICO executive director for technology policy and innovation Simon McDougall said:

This investigation by the BBC further highlights our concerns about the lack of transparency and consent when adtech is used. … While the ICO is keen to promote innovative uses of technology, that cannot be at the expense of people’s fundamental legal rights. We will be assessing the information provided by the BBC.

UK councils’ websites sharing visitors’ data

Percentage of benefits pages with third-party advertising cookies

 

 

Percentage of pages with cookies.jpg
Percentage of pages with cookies.jpg

UK non-profit privacy advocacy group, Privacy International (PI), is concerned about the impact that targeted advertising has had on the internet as a whole.

Technologist Eliot Bendineli said:

It’s just a wild west, … There are thousands of things happening every second when you load a page, and you literally have no control. … Tracking people through benefits pages is sadly typical. It’s always the people that are already vulnerable who are going to suffer the most.”

What are cookies?

A cookie is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user’s browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past).

They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit-card numbers.

Third-party advertising cookies help companies deliver ads that are relevant to each individual user’s browsing habits.

Tim Libert, a computer scientist at Carnegie Mellon University said:

I’ve been a web developer since the late 1990s and a privacy researcher for the past seven years. This may be the most unexpected place I’ve seen an ad online,

What is the law?

The General Data Protection Regulation (GDPR) which became law in May, 2018, has strict rules concerning the collection, handling and sharing of personal data that could identify an individual.

This means any organization that collects, stores or shares peoples’ data is required to protect the rights of individuals —or face a hefty fine.

Sitting alongside GDPR are the Privacy and Electronic Communications Regulations, which demand full active consent from users before tracking cookies are embedded on browsers.

Professor Tim Libert, a computer scientist at Carnegie Mellon University and creator of the webXray tool used in the BBC’s investigation, said:

I’ve been a web developer since the late 1990s and a privacy researcher for the past seven years and this may be the most unexpected place I’ve seen an ad online, …In my view targeting residents through benefits pages is utterly reprehensible, as the most protection should be extended to those most in need.

A spokesperson for disability charity Scope added:

These targeted trackers are cause for concern. … Being served an advert for a credit card or low-cost loan while applying for state financial support could lead to debt and financial insecurity. … Everyone needs to do all they can to make sure disabled people are not unfairly targeted when trying to seek out support.

The ICO has been actively investigating the adtech industry, with a report released in June noting “general, systemic concerns”. The regulator can issue enforcement notices and financial penalties if they detect a breach of data privacy laws.

Some UK councils facing financial pressures exploit online advertising as an additional revenue stream.

According to the BBC, one Welsh council earned just under £15,000 in revenue from online advertising in 2016-17. The Council Advertising Network (CAN) helps around 50 councils generate income through online advertising. It also uses advertising technology to deliver messages about services to residents.

Managing director Lloyd Clark said: “We automatically block all categories of advertising that could be used to target vulnerable groups. The councils have control of these categories.”

Defending the industry, Mr Clark said it existed to serve relevant adverts to the public.

“People don’t like irrelevant adverts. But it’s certainly possible for bad actors to behave like bad actors. … Given the tech furniture present right now we’re in a position where you need to really trust people because the system won’t work without it. It creates a real challenge.

A spokesman for Sheffield Council, which had 25 third party advertising cookies on its benefits pages, said:

Whilst we are reviewing our use of advertising, currently this is an important revenue stream which is used to help fund improvements to our site for citizens. … The advertising is carefully controlled and many categories are not allowed where we deem this to be potentially harmful, particularly to our most vulnerable users.

Privacy International’s Eliot Bendineli said:

Sadly, I think it’s possible they [the councils] might be unaware. You can easily imagine that they don’t have the budget to set up a proper website, or someone who sets it up doesn’t explain how things are working. .. The internet is difficult, and websites are hard to maintain. It’s a full time job and even at Privacy International where we focus on that type of stuff we spend a lot of time maintaining everything we have online. We spend a lot of time making sure it’s secure.

‘Strict policies’

The local government associations (LGAs) of England and Scotland said they would examine the use of cookies and the guidance offered on their sites.

In Northern Ireland, the LGA said each council was responsible for the management of its own website, but “welcomed” the BBC’s findings “to support the ongoing management of council websites”.

The Welsh Local Government Association did not respond to requests for comment from the BBC.

____________________________

Source: BBC Shared Data Unit,

If you liked this story, check out our Premium Privacy Insights for informative articles on wide-ranging global data privacy issues.

Contact the author
Peter Borner
Executive Chairman and Chief Trust Officer

As Co-founder, Executive Chairman and Chief Trust Officer of The Data Privacy Group, Peter Borner leverages over 30 years of expertise to drive revenue for organisations by prioritising trust. Peter shapes tailored strategies to help businesses reap the rewards of increased customer loyalty, improved reputation, and, ultimately, higher revenue. His approach provides clients with ongoing peace of mind, solidifying their foundation in the realm of digital trust.

Specialises in: Privacy & Data Governance

Peter Borner
Executive Chairman and Chief Trust Officer

As Co-founder, Executive Chairman and Chief Trust Officer of The Data Privacy Group, Peter Borner leverages over 30 years of expertise to drive revenue for organisations by prioritising trust. Peter shapes tailored strategies to help businesses reap the rewards of increased customer loyalty, improved reputation, and, ultimately, higher revenue. His approach provides clients with ongoing peace of mind, solidifying their foundation in the realm of digital trust.

Specialises in: Privacy & Data Governance

Contact Our Team Today
Your confidential, no obligation discussion awaits.