Health websites accessed from within Britain are without permission sharing users' sensitive information with online giants, including Google, Amazon and Facebook, the Financial Times reported Wednesday following an investigation.
The business daily said this was done without consent and therefore against the UK legal requirement.
It added that Google's advertising arm DoubleClick was by far the most common destination for the data, while health websites caught up in the process included Drugs.com and the British Heart Foundation.
Europe has tightened up heavily on how websites can use personal data.
The EU's General Data Protection Regulation (GDPR) that came into force 18 months ago binds social media platforms and websites to ensure they have users' explicit consent to collect personal data for advertising purposes or on behalf of third-parties.
© 2019 AFP