Lawsuit Investigation: Is Facebook Collecting Non-Users’ Health Data?

Last Updated on September 1, 2023

Investigation Complete

Attorneys working with ClassAction.org have finished their investigation into this matter.

Check back for any potential updates and take a look at our open investigations here. The information on this page is for reference only.

View List of Lawsuits
Comments |

At A Glance

This Alert Affects:
Anyone who does not have a Facebook account and used telehealth services provided by Monument, Cerebral, Brightside, Workit or Boulder.
What’s Going On?
It’s believed that Meta may have used a tracking tool on these telehealth companies’ websites to secretly collect patients’ sensitive health information – particularly for people who do not have Facebook accounts. Attorneys are looking into whether Meta is building so-called “shadow profiles” from non-users’ personal and health information – and whether a class action lawsuit can be filed over potential privacy violations.
How Could a Lawsuit Help?
A class action lawsuit could help compensate people whose privacy may have been violated. It could also force Meta to change its data collection practices.

Attorneys want to hear from anyone who does not have a Facebook account and used services provided by any of the following telehealth companies:

  • Monument
  • Cerebral
  • Brightside Health
  • Workit Health
  • Boulder Care

It’s believed that Meta (Facebook’s owner) may be using an online tracking tool embedded on these companies’ websites to collect sensitive health information about patients – even those who do not have a Facebook account. It’s suspected that Meta may be compiling these patients' personal and medical information to be used for advertising purposes without their knowledge or consent.

The attorneys believe that Meta’s suspected data collection practices may violate California privacy laws, one of which provides that consumers could be owed up to $5,000 for each violation. They’re now looking to file a class action lawsuit on behalf of patients whose health data may have been unlawfully collected by Meta.

How Could Meta Be Collecting Telehealth Patients’ Medical Data?

Meta’s advertising abilities – which supply its main source of revenue – rely on the social media giant’s vast collection of consumer data.

One tool Meta uses to amass this data is called the Meta pixel, which is an invisible tracking code that can be embedded on any webpage to collect and transmit information about the people who visit the page. The pixel can be programmed to record every action a visitor takes, such as the buttons they click, the searches they perform, the content they view and any information they provide through the website.

Attorneys believe that in the cases of the telehealth websites mentioned above, it’s possible that the pixel could be transmitting users’ protected health information to Meta, even though they don’t have a Facebook account.

In fact, the Federal Trade Commission and the U.S. Department of Health and Human Services’ Office for Civil Rights sent a letter on July 20 to roughly 130 hospital systems and telehealth providers about the “serious privacy and security risks” related to using tracking technologies on their websites. The agencies warned that tools such as the Meta pixel, which are not visible to website users, could share their protected health data, including information about health conditions, diagnoses, medications and treatments, with unauthorized third parties.

The joint letter cited a December 2020 investigation by news publications The Markup and STAT that found that tracking tools on telehealth providers’ websites were collecting and disclosing private health data to Meta and other major advertising platforms. The article stated that of the 50 analyzed websites, which included those of the telehealth companies mentioned on this page, 13 of them tracked and shared patients’ answers to medical intake questions, and 25 disclosed the prescriptions users added to their carts or the treatment plans they checked out with.

Could Meta Be Collecting Non-Users’ Health Data into Shadow Profiles?

It’s believed that Meta may be collecting this sensitive health information about consumers regardless of whether they have an account with the company. For people who do not have an active Facebook account, Meta may be compiling their data into what’s known as a “shadow profile,” i.e., a collection of data about a person that they never chose to share.

Meta may collect a variety of personal information about non-Facebook users, including names and contact information gleaned from data provided by other Facebook users and advertisers. Critically, non-users may not be aware of the amount or type of information Meta knows about them – and, in many cases, may have never agreed to let the social media giant collect or use their personal data.

It’s believed that non-Facebook users’ information may be used by Meta for advertising purposes, product development or security.

Attorneys believe Meta’s suspected collection of non-users’ health and personal data may violate California privacy laws, including the California Invasion of Privacy Act.

How Could a Lawsuit Help?

A class action lawsuit could help compensate non-users for any potential privacy violations. For instance, the California Invasion of Privacy Act provides that certain consumers who prove their privacy was violated could recover up to $5,000 for each violation.

A lawsuit could also potentially force Meta to change its data collection practices.

Before commenting, please review our comment policy.