Non-Facebook Users Sue Meta for Intercepting Their Health Data via Tracking Tool
Meta intercepted individuals’ personal health data from their “covered entities” and via the Meta Pixel tracking tool profited from it without their consent, said a fraud class action Monday (docket 4:23-cv-04784) in U.S. District Court for Northern California in Oakland.
Third-party businesses, including healthcare providers and covered entities under the Health Insurance Portability and Accountability Act and California Medical Information Act, can place the Meta Pixel on their websites and use it to transmit a “vast array of identifying details about consumers” to Meta, said the complaint. That includes prescriptions, diagnoses and symptoms “that even close friends and family might not have known about -- but Meta did,” said the complaint.
The “tentacles” of Meta’s data collection efforts aren’t limited to Facebook users, said the complaint. The company collects “extensive information about individuals who have never had, or no longer have, Facebook accounts,” it said. Though Meta is known for being a social network provider, its “true business” is advertising, which drives most of its revenue, said the complaint, citing $117 billion in ad revenue in 2022. Meta’s specialty is targeted ads, “for which advertisers pay a premium,” and it fine tunes audiences for targeted ads by “relying on enormous caches of data it constantly mines” from people’s internet activity, it said.
Plaintiffs E.H. of Oklahoma and C.S. of Massachusetts visited websites and used services of covered entities that provided online treatment to patients, said the complaint. Intake questionnaires for the covered entities required plaintiffs to answer detailed questions, including name, address, email address and phone number. The plaintiffs don’t currently have Facebook accounts, nor did they have accounts at the time they used the entities’ telehealth services, the complaint said. But once it's activated, “the Pixel functions as an all-seeing eye, transmitting consumers’ data to Meta in real time, regardless of whether or not those consumers have Facebook accounts,” it said.
Via Pixel, Meta “intercepted a broad array of information” from plaintiffs when they signed up for and visited each covered entity’s website, said the complaint. Plaintiffs were unaware the tracking tool was intercepting their personal data and sending it to Meta, it said. Plaintiff E.H. had deleted the Facebook account they had prior to using the covered entity’s services, “in part because of their desire to protect their personal information from Meta,” it said.
The complaint noted telehealth company Cerebral “surreptitiously placed” Meta Pixel on its website October 2019-January 2023, allowing the company to “intercept consumers’ sensitive medical information in real time, despite its obligations to treat such information with the highest degree of care.” In addition to sending information from intake questionnaires, Cerebral was “broadcasting Plaintiffs’ specific symptoms directly to Meta,” the complaint said. Data sent to Meta from Monument, an alcohol use disorder telehealth company, included questionnaire answers about their mental health and drinking habits, said the complaint.
Plaintiffs received less value from the covered entities than they paid for, because the company was “sharing their economically valuable health care data but did not provide Plaintiffs with any concomitant discount,” the complaint said.
Plaintiffs allege violations of the Electronic Communications Privacy Act; California’s Invasion of Privacy Act, Unfair Competition Law and Consumers Legal Remedies Act; invasion of common law right to privacy and constitutional right to privacy; and unjust enrichment. They seek for themselves and the class injunctive and other equitable relief determined by the court; statutory, actual, compensatory and nominal damages, plus restitution and disgorgement of profits unlawfully obtained; pre- and post-judgment interest; and attorneys’ fees and expenses.