U.S. District Judge William Orrick expressed skepticism when Meta, Facebook's parent company, said its pixel tool does not collect sensitive patient data from hospitals and health systems without disclosure, BankInfoSecurity reported Nov. 10.
Meta is facing a consolidated class action lawsuit in San Francisco federal court for allegedly violating medical privacy laws by obtaining medical data from its pixel tool that has been embedded into patient portals and scheduling apps at various hospitals and health systems.
Lauren Goldberg, Facebook's outside attorney, told Mr. Orrick that Facebook's "generalized disclosures say that when you travel around the web and interact with websites, they can send your information [to Meta]."
Mr. Orrick said the disclosures "don't say anything about your health information," and that he thinks "that's the kind of thing that a reasonable Facebook user would be shocked to realize — if what the plaintiffs are saying is true … and I take you're saying it is not … but if it was, then I think it's a big problem that there is not a specific consent for health data."
Plaintiffs say Facebook's Meta Pixel tool has granted the company unauthorized access to data including patient status, medical appointments and medical conditions.
Facebook said it contractually requires developers using Pixel to configure the tracking code on websites so that sensitive user data — such as health information — is not transmitted to Meta.
"Don't send us anything you don't have legal rights to send — and don't send us health information; we don't want it," is how Meta instructs Pixel users, said Ms. Goldberg.
Ms. Goldberg said Facebook users can also set up their individual accounts so that their "off-Facebook" activity is not tracked for advertising purposes.