"Unfortunately, by allowing data brokers and other AdTech companies to gather user data on charity pages dealing with profoundly sensitive topics, charities are inadvertently misplacing the trust that their users place in them when visiting their website for help and advice," says Sean McGrath, lead researcher on the project.
"The adtech industry is deeply complex, and it is almost impossible to say where user data ends up or what it might eventually be used for."
ProPrivacy points out that, in many cases, the charities concerned may not even know exactly what trackers they have on their sites. The campaigners are calling on charities to carry out audits of their websites for third-party adtech elements, and to exclude them entirely from any support or advice pages dealing with sensitive topics.
MORE FOR YOU
Google Chrome Update Gets Serious: Homeland Security (CISA) Confirms Attacks Underway
Why You Should Change This ‘Dangerous’ WhatsApp Photo Setting On Your iPhone
If You Have This ‘Very Dangerous’ Android Video App, Delete It Now
"When a mother with a drinking problem visits a charity site for help, is it reasonable for her to expect that this information might form some part of an advertising profile that can be sold on to hundreds of third parties including alcohol retailers?" the open letter asks.
CNBC later reported, and the companies confirmed, that they had signed an industry-standard agreement that allows for some sharing of protected health information under the current health privacy rules, known as HIPAA, but forbids either company from using that data for any purpose but to provide patient care.
"When a teenager seeks advice about their mental health, should they assume this data could eventually form part of their digital DNA?"