Meta may have scooped up sensitive medical information without consent. The Verge reports that two proposed class-action lawsuits accuse the company and hospitals of violating HIPAA, the California Invasion of Privacy Act and other laws by collecting patient data without consent. Meta’s Pixel analytical tracking tool allegedly sent health statuses, appointment details and other data to Facebook when it was present on patient portals.
In one lawsuit, a patient said Pixel gathered data from the UC San Francisco and Dignity Health portals that was used to deliver ads related to heart and knee issues. The second lawsuit is broader and claims at least 664 providers shared medical information with Facebook through Pixel.
We’ve asked Meta for comment. The company requires that sites using Pixel obtain the right to share data before sending it to Facebook, but the plaintiffs claim Meta refused to enforce its policies. It placed Pixel on the facilities’ websites despite knowing the kind of data it would collect, according to the lawsuits.
The lawsuits aren’t guaranteed to achieve class-action status, and such lawsuits rarely provide large payouts to individuals. If successful, though, the legal action could prove costly for Meta. They’re asking for damages on behalf of all Facebook users whose healthcare providers rely on Pixel, and that could include millions of people.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.