OAIC Inquiry Uncovers Hidden User Monitoring on Health Websites
We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!
Privacy Violations in Australian Health Websites: OAIC’s Discoveries

Quick Overview
- OAIC reports that 96% of Australian health websites utilize tracking technologies.
- 52% deploy third-party tracking pixels that send user information without approval.
- OAIC urges audits and minimal data gathering on sensitive sites.
- Monash IVF and Medmate were identified as violating privacy regulations.
- OAIC compliance demands require these entities to halt such data practices.
Exploring User Monitoring on Health Websites
The Office of the Australian Information Commissioner (OAIC) has revealed the extensive use of hidden user monitoring technologies on health service websites across Australia. An examination of 50 health sector sites found that a remarkable 96% used tracking technologies, with 52% employing third-party tracking pixels to collect and share user information without their awareness or consent.
In contrast to cookies, tracking pixels cannot be easily controlled by users, as they activate automatically upon page loading, eliminating any chance for users to provide informed consent.
Demand for Clarity and Reduced Data Gathering
The OAIC has called for healthcare websites to conduct comprehensive evaluations of their tracking technologies. The regulatory body advocates for configuring tracking pixels to gather the minimum data required, particularly for sites handling sensitive health data. The suggestion is to abolish the employment of tracking pixels in these scenarios.
Regulatory Actions Against Monash IVF and Medmate
Post the 2024 investigation, inquiries were initiated against Monash IVF and Medmate. Monash IVF had utilized tracking pixels since 2012, sending hashed user data to Meta without oversight. Likewise, Medmate sent sensitive URL information through TikTok’s platform pixel without establishing adequate consent protocols.
The OAIC determined that both organizations breached multiple Australian Privacy Principles, necessitating urgent modifications to their data collection practices.
Conclusion
The OAIC’s investigation underscores significant privacy issues within the Australian health sector concerning user monitoring. With actions taken against Monash IVF and Medmate, focus is now on promoting transparency and user consent in data handling. The findings highlight the requirement for healthcare providers to reassess their data management practices to comply with privacy regulations.













