On September 7, 2023, Judge William H. Orrick of the United States District Court for the Northern District of California denied in part Meta’s motion for dismiss in this putative consumer protection class action, allowing Plaintiffs’ claim that Meta violated the Electronic Communications Privacy Act (ECPA), as well as Plaintiffs’ breach of contract, duty of good faith and fair dealing claims.

Plaintiffs allege that Meta, through its proprietary Meta Pixel tool, intercepts and transmits protected patient health information to Meta platforms and third-party advertisers in violation of federal and California consumer protection and wiretap laws, including the Federal Wiretap Act, California Invasion of Privacy Act, and California’s Unfair Competition Law.

On December 21, 2022, the Court appointed Cohen Milstein Interim Co-Lead Class Counsel.

Case Background

According to Meta, Meta Pixel is a snippet of JavaScript code that allows a company to track visitor activity on its website. It works by loading a small library of functions which the company can use whenever a site visitor takes an action (called an event) that you want to track (called a conversion). Tracked conversions appear in Meta’s Ads Manager where they can be used to measure the effectiveness of a company’s ads on Facebook or Instagram, thereby allowing a company to better define custom audiences for ad targeting, for Advantage+ catalog ads campaigns, and to better analyze the effectiveness of a company’s website conversion funnels.

Plaintiffs allege that Meta violated their medical privacy through its Pixel tracking tool, which is being improperly used on hospital websites resulting in the wrongful, contemporaneous, re-direction to Meta platforms of patient communications to register as a patient, sign-in or out of a supposedly “secure” patient portal, request or set appointments, or call their provider via their computing device. This unlawful collection of data is done without the knowledge or authorization of the patient, like Plaintiffs, in violation of federal and state laws as well as Facebook’s own contract with its users.

Specifically, Plaintiffs allege that when a patient communicates with a health care provider’s website where the Meta Pixel is present on the patient portal login page, the Meta Pixel source code causes the exact content of the patient’s communication with their health care provider to be surreptitiously re-directed to Meta in a fashion that identifies them as a patient.

Meta monetizes the information it receives through the Meta Pixel deployed on medical providers’ web properties by using it to generate highly profitable targeted advertising on- and off-Meta platforms.

Through its account managers and representatives, Meta is aware that it is receiving patient data from hundreds of different medical providers in the United States without patient knowledge, consent, or valid HIPAA authorizations.

To date, through experts, Plaintiffs have identified at least 664 hospital systems or medical provider web properties where Meta has received patient data via the Meta Pixel.

Plaintiffs originally filed their lawsuit on June 17, 2022. Cohen Milstein joined the litigation on August 18, 2022.

Case name: In re Meta Pixel Healthcare Litigation, Case No. 22-cv-03580, United States District Court for the Northern District of California