Meta (Facebook) and US hospitals have been sued for illegally using health data to target ads.
A strange story has come to light, with a class action lawsuit filed in the Northern District of California against the company Meta (Facebook), UCSF Medical Center and Dignity Medical Foundation Health, alleging that the organizations are illegally collecting sensitive health data of their patients for targeted advertising.
This tracking and data collection allegedly takes place on medical portals, where patients enter highly sensitive information about themselves, their condition, doctors, prescription drugs and more.
According to the lawsuit, neither the hospitals nor Meta informs patients about the data collection, no user consents are sought, and there is no visible indication of this process.
The plaintiffs became aware of the violation of their privacy when Facebook, the social media platform owned by Meta, started targeting them with ads completely tailored for their medical condition!.
Meta Pixels
The collection is supposedly done with the Meta Pixel, which is a piece of code that can be inserted into any website to help the website profile its visitors, but also collect data for targeted advertising.
This data collection takes place for all users, even if they do not have a Facebook account. However, for Facebook users the collected data is automatically linked to their account for deeper association.
Violation of privacy
The lawsuit alleges that Meta's tracking code is present on 33 of the top 100 hospital websites in the United States, and in seven cases, the code runs under password-protected patient accounts.
According to the complaint, the 33 hospitals found to have the Meta Pixel collectively saw more than 26 million inpatient and outpatient visits in 2020 alone.
The plaintiffs allege in their lawsuit that their data was breached because they had never consented to the collection of sensitive medical data, let alone its use in targeted advertising.
Meta even includes a clause in its data privacy policy stating that its partners (Meta Pixel hosts) must have legal rights to collect, use and share user data before handing it over to the advertising giant.
However, as stated in the complaint: "The services υγειονομικής περίθαλψης δεν έχουν το νόμιμο δικαίωμα να χρησιμοποιούν ή να μοιράζονται τα δεδομένα των ασθενών τους, καθώς αυτές οι πληροφορίες προστατεύονται από τον Νόμο HIPAA (Health Insurance Portability and Accountability Act) του 1996, ο οποίος προστατεύει όλες τις ηλεκτρονικές πληροφορίες υγείας».
Therefore, both Meta and the healthcare providers are accused of knowing that their data collection operation was illegal, yet they continued to do it and concealed it from the people they were watching.
In conclusion, plaintiffs, and on behalf of anyone similarly situated, claim damages for breach of confidentiality of medical information, unjust enrichment, breach of contract, Computer Data Access Act (CDAFA) fraud, as well as and on the federal wiretapping law.
Does it happen elsewhere?
And if there are such complaints in the USA, the headquarters of the Meta company, what might be happening in the others countries;
Have you visited a hospital recently and noticed the same behavior? Especially in private hospitals and clinics?
