Meta illegally shared health info for targeted ads, lawsuit alleges

Two class-action lawsuits have been leveled against Meta Pixel, the company's analytics tracking tool.

The mid adult male doctor uses his digital tablet to show the senior adult man the medical record.  ...
SDI Productions/E+/Getty Images

Meta has allegedly been sharing sensitive health data with third-party advertising firms, according to two proposed class-action lawsuits. Both lawsuits focus on Meta Pixel, the company’s tracking tool used for analytics related to Facebook and Instagram ads.

Pixel is a JavaScript code that can be installed on just about any website to collect data about how visitors are interacting with the site. In a lawsuit filed last month, an anonymous patient — referred to in the lawsuit only as “Jane Doe” — at The University of California, San Francisco Medical Center claims she began receiving targeted ads related to her medical condition after using the hospital’s patient portal.

A similar lawsuit was filed in June by a patient at the MedStar Health System in Baltimore, Maryland, claiming that at least 664 healthcare companies have used Meta Pixel to collect medical data. Both lawsuits are seeking class-action status, which would allow others affected to claim damages along with the patients who filed the suits.

Meta’s supposed filters — Healthcare privacy laws — specifically 1996’s HIPAA — strictly prohibit the sharing of any medical data without patient consent. Because Pixel can be installed on any website with ease, Meta is responsible for filtering out any data that shouldn’t make its way to third-party advertisers.

Meta claims it protects the public’s health data in two ways: by requiring websites using Pixel to ask for patient consent before using Pixel and by filtering out sensitive health data itself. Both lawsuits allege that Meta isn’t taking the necessary steps to actually enforce these policies. As Pixel is Meta’s tool, and one that majorly benefits the company’s targeted advertising business, the onus falls on Meta to ensure it isn’t being used in a harmful manner.

Big tech and healthcare — The Northern District of California will now need to certify these lawsuits as class-action before they can move forward. The case could have far-reaching consequences; 33 of the top 100 hospitals in the U.S. use Pixel, according to a recent investigation by The Markup, and class-action status would affect every patient served by these websites (and plenty of others).

More broadly, the lawsuits call into question our allowance for Big Tech companies to collect data as sensitive as that pertaining to healthcare. Why do we allow Pixel to be installed on hospital patient portals, for example, when we know how much sensitive data is transferred through those sites? This line of questioning is one we’ll have to confront sooner rather than later, as Big Tech is eating its way into the healthcare industry more permanently even as you read this article.