Sponsored Links

Meta faces lawsuit for allegedly collecting patient health data without consent

Facebook may have violated patient privacy laws.
Facebook logo is reflected in a drop on a syringe needle in this illustration photo taken March 16, 2021. Picture taken March 16, 2021. REUTERS/Dado Ruvic/Illustration
REUTERS/Dado Ruvic
Jon Fingas
Jon Fingas|@jonfingas|August 2, 2022 12:29 PM

Meta may have scooped up sensitive medical information without consent. The Verge reports that two proposed class-action lawsuits accuse the company and hospitals of violating HIPAA, the California Invasion of Privacy Act and other laws by collecting patient data without consent. Meta's Pixel analytic tracking tool allegedly sent health statuses, appointment details and other data to Facebook when it was present on patient portals.

In one lawsuit from last month, a patient said Pixel gathered data from the UC San Francisco and Dignity Health portals that was used to deliver ads related to heart and knee issues. The second lawsuit, from June, is broader and claims at least 664 providers shared medical info with Facebook through Pixel.

We've asked Meta for comment. The company requires that sites using Pixel obtain the right to share data before sending it to Facebook, but the plaintiffs claim Meta refused to enforce its policies. It placed Pixel on the facilities' websites despite knowing the kind of data it would collect, according to the lawsuits.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

The lawsuits aren't guaranteed to achieve class-action status, and such lawsuits rarely provide large payouts to individuals. If successful, though, the legal action could prove costly for Meta. They're asking for damages on behalf of all Facebook users whose healthcare providers rely on Pixel, and that could include millions of people.

They also follow a string of privacy-related US legal action against the social media giant. Meta is facing a DC Attorney General suit over Cambridge Analytica's collection of more than 70 million Americans' personal data. The company is also grappling with lawsuits over its deactivated facial recognition system, and only this year settled a 2012 class-action over the use of tracking cookies. These latest courtroom battles suggest that concerns about Meta's data gathering practices are far from over, even as the company makes its own efforts to crack down on misuse.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Meta faces lawsuit for allegedly collecting patient health data without consent