Overview
On January 29, 2024, Judge William H. Orrick of the United States District Court for the Northern District of California denied Meta’s second attempt to dismiss this consumer protection class action, which alleges that Meta’s proprietary Meta Pixel tool intercepts and transmits protected patient health information to Facebook.
In particular, the court rejected Meta’s argument that the patients’ privacy claims are foreclosed at this stage in the litigation just because their communications may have been conducted via publicly available webpages. Plaintiffs can move forward with claims of invasion of privacy/intrusion on seclusion, California’s Comprehensive Computer Data Access and Fraud Act (CDAFA), and trespass to chattels.
On September 7, 2023, the Court denied in part Meta’s motion to dismiss, allowing Plaintiffs’ claim that Meta violated the Electronic Communications Privacy Act (ECPA), as well as Plaintiffs’ breach of contract, duty of good faith and fair dealing claims.
On December 21, 2022, the Court appointed Cohen Milstein Interim Co-Lead Class Counsel.
Case Background
According to Meta, Meta Pixel is a snippet of JavaScript code that allows a company to track visitor activity on its website. It works by loading a small library of functions which the company can use whenever a site visitor takes an action (called an event) that you want to track (called a conversion). Tracked conversions appear in Meta’s Ads Manager where they can be used to measure the effectiveness of a company’s ads on Facebook or Instagram, thereby allowing a company to better define custom audiences for ad targeting, for Advantage+ catalog ads campaigns, and to better analyze the effectiveness of a company’s website conversion funnels.
Plaintiffs allege that Meta violated their medical privacy through its Pixel tracking tool, which is being improperly used on hospital websites resulting in the wrongful, contemporaneous, re-direction to Meta platforms of patient communications to register as a patient, sign-in or out of a supposedly “secure” patient portal, request or set appointments, or call their provider via their computing device. This unlawful collection of data is done without the knowledge or authorization of the patient, like Plaintiffs, in violation of federal and state laws as well as Facebook’s own contract with its users.
Specifically, Plaintiffs allege that when a patient communicates with a health care provider’s website where the Meta Pixel is present on the patient portal login page, the Meta Pixel source code causes the exact content of the patient’s communication with their health care provider to be surreptitiously re-directed to Meta in a fashion that identifies them as a patient.
Meta monetizes the information it receives through the Meta Pixel deployed on medical providers’ web properties by using it to generate highly profitable targeted advertising on- and off-Meta platforms.
Through its account managers and representatives, Meta is aware that it is receiving patient data from hundreds of different medical providers in the United States without patient knowledge, consent, or valid HIPAA authorizations.
To date, through experts, Plaintiffs have identified at least 664 hospital systems or medical provider web properties where Meta has received patient data via the Meta Pixel.
Plaintiffs originally filed their lawsuit on June 17, 2022. Cohen Milstein joined the litigation on August 18, 2022.