Latest Legal Developments in Meta Pixel Privacy Lawsuits
Healthcare , HIPAA/HITECH , Industry Specific
Mixed Ruling in Motion to Dismiss One Case, While Meta Seeks Dismissal of Consolidated Suit Marianne Kolbasuk McGee (HealthInfoSec) • May 10, 2023 Image: Meta
A putative class action lawsuit alleging privacy violations by a California medical center’s use of Facebook online tracking tools survived an attempt to have it dismissed in San Francisco federal court. In a separate lawsuit, Facebook is seeking dismissal of another proposed class action charging the social media giant with violating data privacy laws by collecting patient information transmitted through its Pixel tracking code.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The lawsuits came following revelations that healthcare providers have incorporated into patient portals web tracking technology. The Department of Health and Human Services in December warned clinicians that use of the trackers could violate privacy law.
The department’s chief HIPAA enforcer told Information Security Media Group in April her agency will “hopefully soon” bring an enforcement action for tracking-tool related HIPAA violations (see: HHS OCR Leader: Agency Is Cracking Down on Website Trackers).
A federal judge on Monday denied in part a motion by the regents of the University of California to dismiss the suit against it in February filed by a patient of the University of California San Francisco Medical Center, which is operated by higher education system.
The suit alleges violations of a variety of provisions in the California Invasion of Privacy Act and the Confidentiality of Medical Information Act caused by the presence of the Facebook code in the medical center’s patient portals and websites. The anonymous plaintiff asserts Facebook used information about her heart issues and high blood pressure for advertising purposes, as evidenced by receiving on Facebook ads for high blood pressure medication.
In his decision, Northern District of California Judge William Orrick said the University of California, a public entity, is immune to many of the lawsuit claims.
He found the plaintiff did sufficiently allege a privacy claim by invoking common law. “Personal medical information is understood to be among the most sensitive information that could be collected about a person,” Orrick wrote.
Orrick also presides over a lawsuit against Facebook alleging the company uses health data it receives from its free tracking tools to target advertising.
Facebook on Monday filed a motion to dismiss, charging that “plaintiffs have filed a grab-bag complaint asserting thirteen causes of action, ranging from ‘wiretap’ violations to larceny to trespass.
But none of those causes of action fits plaintiffs’ theory of the case – that Meta should be held liable for certain healthcare providers’ alleged misuse of a publicly available tool that Meta did not implement or configure on the providers’ websites.”
Orrick in December denied plaintiffs’ motion for a preliminary injunction against Meta to stop the company’s Pixel tracking code in third-party healthcare websites from collecting and disseminating patient information for advertising purposes (see: Judge Denies Motion to Stop Health Data Scrapping by Meta).
A hearing for Meta’s motion for dismissal is set for Aug. 16.