Tuesday, May 7, 2024
Courthouse News Service

Judge advances swath of medical privacy class action against Meta

The plaintiffs' attorney told a federal judge he had sent Meta a list of providers it is still receiving medical information from, in violation of HIPAA.

SAN FRANCISCO (CN) — A federal judge will allow large portions of a class action filed by plaintiffs who claim their medical privacy was violated by Meta’s Pixel tracking tool to proceed.

In their complaint, the plaintiffs say Meta knew or should have known that its Pixel tracking tool was being used on hospital websites to collect the private medical information of users. The data then went to Meta, which used the data to create personalized ads, the plaintiffs say. At least 664 hospital systems or medical provider web properties sent patient data to Meta through the Pixel tool.

The collection of this data — in the absence of a HIPAA authorization — violates Meta’s own privacy promise to its users, the plaintiffs say. Meta had promised users that the Pixel and other tracking tools required partners to have the lawful right to collect and share the data before providing the data to Meta.

Meta’s lawyers sought to dismiss the case and argued at a hearing Wednesday that there was nothing inherently unlawful about the use of the Pixel tool to collect data. Web developers, not Meta, are responsible for making sure they have the proper permission and legal right to share any data they collect, Meta argued, and developers are also responsible for what information is shared.

“Meta explains to web developers exactly how to meet their obligation to avoid sending sensitive data to Meta,” Meta's attorney Lauren Goldman told Senior U.S. District Judge William Orrick III.

In a tentative order ahead of the hearing, Orrick denied Meta’s motion to dismiss extraterritoriality and Wiretap Act claims, finding the plaintiffs had plausibly alleged that the data collection occurred in California and that Meta had not met its burden of proof to show that health care providers were given sufficient consent by the social media giant to collect sensitive medical information.

Goldman said the wiretap claims should be dismissed because there was no intent for Meta to receive the health data. She also argued that extraterritoriality claims should be thrown out since they are based on California law and none of the class plaintiffs is a California resident.

“There’s no statutory or common law doctrine that would allow the plaintiffs to impose liability upon Meta for the decision of third parties to send Meta data that it doesn’t want, that it has contractually barred them from sending in,” Goldman said.

Goldman said that plaintiffs had failed to show that Meta intercepted any communications “consciously and deliberately,” and because of that failure, wiretap claims should be dismissed.

“Plaintiffs’ main argument is that Meta knew it was receiving some sensitive health data and didn’t do enough to prevent those transmissions,” Goldman said, adding it does not prove intent to deliberately intercept the data.

Class attorney Jay Barnes said consent is “never presumed” in wiretap cases and that there was no specific evidence of any health care provider consenting to send Meta the data in question. That is Meta’s burden to prove, Barnes said.

“One way to prove it would be to show specific warnings to health care providers saying ‘we don’t want this data, stop sending it to us,’” Barnes said.

Barnes said Meta designed the Pixel and encouraged health care providers to adopt it. He said that he had sent Meta a list of web properties that it was still receiving medical information from, in violation of HIPAA.

“They’ve been on notice for a long time that they’re collecting this information without authorization,” Barnes said.

Orrick also advanced larceny, California Invasion of Privacy Act and unjust enrichment claims. He allowed larceny claims under the precedent Calhoun v. Google LLC, where a federal judge found the collection of user data without consent constitutes theft.

The judge advanced the invasion of privacy claims because California criminal law prohibits individuals from using electronic tracking devices to determine the location or movement of a person. Unjust enrichment claims can proceed in the alternative, Orrick wrote.

Notable dismissed claims include Unfair Competition Law claims, Consumer Legal Remedies Act claims, and California Comprehensive Computer Data Access and Fraud Act claims.

Orrick said the unfair competition claims fail because the plaintiffs did not claim “lost money or property.”

“Even if the value of health care information qualifies as ‘lost property’ there are no allegations that plaintiffs actually intended to participate in that market,” Orrick wrote.
