Madhumita Murgia and Max Harlow:

Some of the UK’s most popular health websites are sharing people’s sensitive data — including medical symptoms, diagnoses, drug names and menstrual and fertility information — with dozens of companies around the world, ranging from ad-targeting giants such as Google, Amazon, Facebook and Oracle, to lesser-known data-brokers and adtech firms like Scorecard and OpenX.

Using open-source tools to analyse 100 health websites, which include WebMD, Healthline, Babycentre and Bupa, an FT investigation found that 79 per cent of the sites dropped “cookies” — little bits of code that, when embedded in your browser, allow third-party companies to track individuals around the internet. This was done without the consent that is a legal requirement in the UK.

Google’s advertising arm DoubleClick was by far the most common destination for data, showing up on 78 per cent of the sites tested, followed by Amazon, which was present in 48 per cent of cases, Facebook, Microsoft and adtech firm AppNexus.