Meta Platforms must face class action for breaching medical privacy of patients

US District Judge William Orrick in San Francisco said the plaintiffs could pursue claims that Meta violated a federal wiretap law and a California privacy law, and violated its own contractual promises governing user privacy on Facebook.

In a 26-page decision on Thursday, the judge said the case, based on the evidence so far, “does not negate the plausible allegations that sensitive healthcare information is intentionally captured and transmitted to Meta.”

Orrick dismissed some other claims but said the plaintiffs, all using John Doe or Jane Doe pseudonyms, could try to replead them.

According to the plaintiffs, Meta Pixel provided sensitive information about their health to Meta when they logged into patient portals, where the tracking tool had been installed, enabling Meta to make money from targeted advertising.

The lawsuit seeks unspecified damages for all Facebook users whose health information was obtained by Meta.

Discover the stories of your interest

Neither Meta nor lawyers for the Menlo Park, California-based company responded on Friday to requests for immediate comment. Lawyers for the plaintiffs did not immediately respond to similar requests. When the litigation began in June 2020, lawyers for one plaintiff said they had found at least 664 hospitals and other healthcare providers that used Meta Pixel.

In seeking a dismissal, Meta said it “does not disagree” that sending sensitive health information could be a serious problem.

But it also said there was nothing inherently harmful or unlawful about its technology, and that it was up to the healthcare providers to decide how to use Meta Pixel.

Orrick, however, said it was not clear whether Meta did enough to stop the transmission of patient details, or might be excused because healthcare providers actually consented to it.

He also found “detailed and plausible allegations” that transmitting such information was necessary for Meta’s advertising services.