Fraud Management & Cybercrime , Governance & Risk Management , Healthcare

Judge Gives Green Light to Meta Pixel Web Tracker Lawsuit

Judge Dismisses Some Plaintiff Claims But Allows Proposed Class Action to Advance
Judge Gives Green Light to Meta Pixel Web Tracker Lawsuit
A federal judge has denied Meta's motion to dismiss proposed class action litigation alleging a number of claims involving Meta Pixel tracking code embedded in healthcare websites and patient portals. (Image: Shutterstock)

A federal judge, in a mixed ruling, has given the green light for attorneys to proceed with a consolidated class action lawsuit against Meta that accuses the social media giant of intercepting sensitive health information with its Pixel tracking tools used in numerous healthcare websites and patient portals.

See Also: Using the Netskope HIPAA Mapping Guide

The litigation, which consolidates six proposed class action lawsuits filed against Meta over the last year or so, alleges 13 claims (see: Lawsuit: Facebook Is Collecting Patient Data of 'Millions').

District Judge William Orrick of the U.S. District Court for the Northern District of California on Thursday issued an order denying Meta's motion to dismiss many of the claims, including one that alleges that Meta violated state and federal wiretap allegations by intentionally intercepting the contents of plaintiffs' electronic communications using a device.

Plaintiffs also allege that Meta's pixel tracking code, embedded in healthcare websites and patent portals, scraped and sent plaintiffs' sensitive health information to Meta, which then sold the data without their consent.

In his ruling, Orrick also granted Meta's motion to dismiss several of the other plaintiffs' other claims, including negligence per se and allegations of various privacy law violations.

Despite dismissing the claims, the judge gave the plaintiffs an opportunity to file an amended complaint within 20 days to potentially strengthen those allegations.

Moving Forward

Orrick foreshadowed his ruling in a tentative order in August that indicated he was willing to let stand certain plaintiff claims, including that Meta violated federal and state wiretap laws (see: Federal Judge Inclined to Grant Claims in Meta Pixel Case).

Orrick is also allowing plaintiffs to move forward with other claims, including allegations that Meta was unjustly enriched by receiving plaintiffs' sensitive information via Pixel embedded in healthcare websites and patient portals and selling it to advertisers.

Plaintiffs allege that Meta knew it was receiving sensitive health data from healthcare websites through its web tracker and didn't do enough to prevent those transmissions.

Meta contends it has measures in place, including policies and filtering, to help prevent the alleged receipt of sensitive health information scraped by Pixel. But Orrick in his ruling indicated that, so far, he is unconvinced.

"What Meta’s true intent is, what steps it actually took to prevent receipt of health information, the efficacy of its filtering tools, and the technological feasibility of implementing other measures to prevent the transfer of health information, all turn on disputed questions of fact that need development on a full evidentiary record," Orrick wrote.

Last December, Orrick denied granting a preliminary injunction sought against Meta to stop the company's Pixel tracking code in third-party healthcare websites from allegedly collecting and disseminating patient information for advertising purposes (see: Judge Denies Motion to Stop Health Data Scraping by Meta).

If the case proceeds, a jury trial is slated to begin Dec. 1, 2025, according to court records.

Neither attorneys representing Meta nor plaintiffs in the case immediately responded to Information Security Media Group's requests for comment on the judge's ruling.

Additional Concerns

The consolidated class action lawsuit against Meta is one of many other Pixel-related lawsuits winding their way through other federal courthouses or proposed settlements.

For instance, Advocate Aurora last month agreed to a preliminary $12.25 million settlement of a proposed class action lawsuit filed in the wake of a data breach involving its previous use of web trackers. Advocate Aurora reported the incident to federal regulators in October 2022 as having affected 3 million individuals (see: Advocate Aurora to Settle Web Tracker Claims for $12.25M).

Meanwhile, the Federal Trade Commission and the U.S. Department of Health and Human Services are also closely scrutinizing the use of web trackers, including Pixel and Google Analytics, in the websites and apps of telehealth firms and HIPAA-regulated organizations (see: Feds Publicly Name 130 Healthcare Firms Using Web Trackers).


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.