Meta may have taken sensitive medical information without permission. According to The Verge, the company and hospitals are accused of violating HIPAA, the California Invasion of Privacy Act, and other laws by collecting patient data without consent.
When Meta’s Pixel analytic tracking tool was present on patient portals, it allegedly sent health statuses, appointment details, and other data to Facebook.
In one recent lawsuit, a patient claimed that Pixel gathered data from the UC San Francisco and Dignity Health portals and used it to deliver ads about heart and knee problems. The second lawsuit, filed in June, claims that at least 664 providers shared medical information with Facebook via Pixel.
Meta has been contacted for comment. The company requires that sites using Pixel obtain permission to share data before sending it to Facebook, but the plaintiffs allege that Meta failed to enforce its policies.
According to the lawsuits, it placed Pixel on the websites of the facilities despite knowing what kind of data it would collect.
The lawsuits are not guaranteed to be classified as class actions, and such cases rarely result in large payouts to individuals. The legal action, if successful, could be costly for Meta. They’re suing on behalf of all Facebook users whose healthcare providers rely on Pixel, which could number in the millions.
They also come after a slew of privacy-related US legal actions against the social media behemoth. Meta is being sued by the District of Columbia Attorney General over Cambridge Analytica’s collection of more than 70 million Americans’ personal information.
The company is also dealing with lawsuits related to its deactivated facial recognition system, and it only recently settled a 2012 class-action lawsuit concerning the use of tracking cookies.
These latest court battles indicate that concerns about Meta’s data collection practices are far from over, even as the company makes its own efforts to combat misuse.