Beware of Third-Party Trackers Like Meta Pixel. Ignoring Them Could Be Costly.

Odia Kagan
Fox Rothschild LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Fox Rothschild LLP

If you are dealing with sensitive information of any kind (yes, this includes precise geolocation, ethnicity, sexual orientation, etc), but especially health information (and yes, reproductive health information too), do yourself a favor:

  1. Scan your website for third party trackers like Meta Pixel.
  2. Talk to your tech folks to understand better what is going on and whether this is going on behind a log-in.
  3. If you are a HIPAA covered entity, make sure your business associates do 1 and 2.
  4. Get a good privacy lawyer to make sure all is in order and that you are doing what needs done.

A new complaint has alleged that Quest Diagnostics is sharing information with Facebook. Per the complaint, the sharing pertains both to the general website and the patient protected website (post log-in).

The cited cause of action is under the California Invasion of Privacy Act which is under the California penal code. It prohibits: “Willfully and without the consent of all parties to the communication, or in any unauthorized manner….read(ing) or attempt(ing) to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state; or (using), or attempt(ing) to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained, or (aiding agreeing with, employing or conspiring) any person or persons to unlawfully do, or permit, or cause to be done any of the acts.”

This is also the cause of action in the Otonomo class action that involves the sharing of geolocation data.

This is important because:

  • Recent study by The Markup showed that many hospitals are doing this too.
  • There is a class action against Meta for same.
  • The MA Cookie settlement was $18M for sharing health information (appointment details) with third parties without consent.

This is especially sensitive now because:

  • The CPRA regs flag sensitive information.
  • The FTC has flagged sensitive information
  • VA CDPA required an opt in for sensitive information.
  • The Federal bill is serious about sensitive information.
  • You already KNOW GDPR is serious about sensitive information.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP
Fox Rothschild LLP
Contact
more
less

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide