On Oct. 20, U.S. Sen. Mark R. Warner (D-VA) sent a letter to Mark Zuckerberg, CEO of Meta, voicing concern and requesting more information regarding Meta’s practice of collecting user’s health information through tracking applications.
On Oct. 21 we reported that “Advocate Aurora Health—headquartered in Downers Grove, Ill., and Milwaukee—said on its website in a statement that it installed ‘pixels’ on its website that possibly breached the data of up to 3 million patients. Journalists began reporting the breach earlier this week.
An investigation was published by The Markup in June and found that 33 of the top 100 hospitals in the U.S. use the Meta Pixel on their websites, including seven hospitals that installed it on password-protected patient portals. The investigation found that Meta Pixel was sending information about patient health conditions, medical appointments, and medication allergies to Facebook.”
A press release on the letter states that “In the letter, Sen. Warner highlighted the need for user privacy and increased transparency around how user data is collected online, which has become increasingly important as the use of telehealth appointments, online appointment booking, and electronic record keeping have risen exponentially over the course of the pandemic.”
Further, “‘As we increasingly move health care online, we must ensure there are strong safeguards in place surrounding the use of these technologies to protect sensitive health information,’ wrote Sen. Warner.
“Specifically, Sen. Warner called attention to Meta Pixel, a tracking tool that sends Meta a packet of data whenever a user clicks a button to schedule a doctor’s appointment—without the knowledge of the individual making the appointment.”
Sen. Warner also noted allegations that this practice of data harvesting and collection has been used by Meta to target advertisements across their platforms. In August of this year, two lawsuits were filed against the company over the alleged unlawful collection and sharing of health data without consent.
Warner asked Meta to respond to a series of questions, including what information Meta has access to or received directly from the Meta Pixel; how does Meta store information received; and how does Meta handle sensitive information from third parties?
A GovInfo Security article from Oct. 25 by Marianne Kolbasuk McGee, says that “A Meta spokesman responded to Information Security Media Group's request for comment on the letter by stating, ‘Advertisers should not send sensitive information about people through our business tools as doing so is against our policies. We educate advertisers on properly setting up business tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect.’”
Kolbasuk McGee adds that “Meta faces at least four proposed class action lawsuits about to be consolidated in the Northern District of California related to its use of Pixel and the privacy of health data.”
