Third-Party Data Leaks in the Websites of Finnish Social and Healthcare Districts

With digitalization, the use of essential social and healthcare services online has become increasingly prevalent. In this paper, we conduct a survey on the websites of Finnish social and healthcare districts and determine to what extent, if any, they leak their users' personal data to third parties through the use of the collection and tracking of user data and actions with the web analytics tools. Our findings show that 82.6% of the studied websites leaked personal data to outside actors, but the extent and contents of these data leaks varied. Our study also demonstrates that in many cases, privacy policies of the studied websites do not always report personal data items transferred to third parties and fail to adequately inform users. The cookie banners of the studied websites were also found to contain several dark patterns.