According to reports, a new lawsuit in the United States alleges that Facebook parent company Meta accessed the private medical data of millions of people without users’ permission and used it. This data provides targeted advertising on the Facebook platform for drug and medical information.
The lawsuit, filed last week in the Northern District Court of California, is the second of its kind in recent times, alleging that hospitals in the U.S. violated the Health Insurance Portability and Accountability Act (HIPAA) by providing Meta with sensitive patient information.
The hospitals used Meta’s Pixel tools, the indictment said. The tool accesses patients’ password-protected private healthcare portals and shares sensitive health information, which Meta then sells to Facebook advertisers. Pixel tools enable businesses to measure and build audiences for advertising campaigns. In June, The Markup, a nonprofit news organization, found that 33 of the top 100 U.S. hospitals were using the Pixel.
The indictment detailed the experience of a Facebook user. She entered her heart and knee problems on UCSF Medical Center’s private patient portal, and she started receiving targeted ads promoting the drugs.
Meta’s policy states that advertisers should not share with Meta sensitive information they know about, including users’ health and financial information. The lawsuit, however, alleges that Meta knowingly collected this sensitive medical data from healthcare websites.
Meta declined to comment on the lawsuit. The company has also come under fire in the past for its data-tracking policies. It was previously reported that Meta is developing a “basic advertising” product that does not rely on users’ personal information.