The company Meta (Facebook) and hospitals of USA, were sued for illegally using health data to target ads.
A strange story has come to light, with a class-action lawsuit filed in the Northern District of California against the company Meta (Facebook), UCSF Medical Center and Dignity Health Medical Foundation, alleging that the organizations are illegally collecting sensitive health information. data of their patients for targeted advertising.
This monitoring and collection data mining allegedly takes place on medical portals, where patients enter highly sensitive information about themselves, their conditions, doctors, prescription drugs and more.
According to the lawsuit, neither the hospitals nor Meta informs patients about the data collection, no user consents are sought, and there is no visible indication of this process.
The plaintiffs became aware of the violation of their privacy when Facebook, the social media platform owned by Meta, started targeting them with ads completely tailored for their medical condition!.
Meta Pixels
The collection is supposedly done with the Meta Pixel, which is a piece of code that can be inserted into any website to help the website profile its visitors, but also collect data for targeted advertising.
This data collection takes place for all users, even if they do not have a Facebook account. However, for Facebook users the collected data is automatically linked to their account for deeper association.
Violation of privacy
The lawsuit alleges that Meta's tracking code exists on 33 websites of the top 100 hospitals in the United States, and in seven cases, the code runs under password-protected patient accounts.
According to the complaint, the 33 hospitals found to have the Meta Pixel collectively saw more than 26 million inpatient and outpatient visits in 2020 alone.
The plaintiffs allege in their lawsuit that their data was breached because they had never consented to the collection of sensitive medical data, let alone its use in targeted advertising.
Meta even includes a clause in its data privacy policy stating that its partners (Meta Pixel hosts) must have legal rights to collect, use and share user data before handing it over to the advertising giant.
However, as stated in the complaint: “Healthcare agencies do not have a legal right to use or share their patient data, as this information is protected by the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which protects all electronic information health".
Therefore, both Meta and the healthcare providers are accused of knowing that their data collection operation was illegal, yet they continued to do it and concealed it from the people they were watching.
In conclusion, plaintiffs, and on behalf of anyone similarly situated, claim damages for breach of confidentiality of medical information, unjust enrichment, breach of contract, Computer Data Access Act (CDAFA) fraud, as well as and on the federal wiretapping law.
Does it happen elsewhere?
And if there are such complaints in the USA, the headquarters of the Meta company, what might be happening in the others countries;
Have you visited a hospital recently and noticed the same behavior? Especially in private hospitals and clinics?
