In the News

Privacy Litigation To Watch In 2023


January 2, 2023

The recent explosion of litigation accusing a wide range of companies of violating wiretap and video privacy laws through the technology they deploy on their websites will continue to proliferate in 2023, joining robocall and biometric privacy disputes that have long plagued businesses and also show no signs of abating.

Here, Law360 looks at the privacy litigation and trends that bear watching this year.

. . .

Meta Pixel Takes Center Stage

Meta Pixel, a code snippet and user tracking tool embedded in many websites, has also prompted a wave of litigation against both the companies that use the code and Meta Platforms Inc. itself.

. . .

The Meta Pixel is also at the heart of separate litigation that the social media giant is currently embroiled in over its alleged collection of confidential patient information and tax filing data.

An anonymous Maryland hospital patient launched a putative class action in June accusing Meta of violating the medical privacy of millions of Americans through the Pixel tool. The lawsuit claimed that the company knows — or should have known — that the web tracker is being improperly used on hospital websites, resulting in Facebook receiving such data as when a person registers as a patient, signs in to a patient portal or sets an appointment, among other information.

Meta has countered that while its Pixel tool is offered as a code that allows website developers to gather analytics information about people who visit their websites, it tells health care providers not to send Meta sensitive data.

More recently, two anonymous Facebook users hit Meta with another suit in December accusing the company of breaking privacy and taxpayer protection laws by collecting sensitive information from popular tax filing websites H&R Block, TaxAct and TaxSlayer through its Pixel tool.

These disputes, particularly the one related to the transfer of health care information, have “opened up a Pandora’s box of data privacy issues,” according to Aloke Chakravarty, a partner at Snell & Wilmer LLP.

“They’ve added scrutiny as to what data is made available to web beacons, how they are configured and who configures them, and the specter that more data than expected may have been incidentally captured from health care providers and more than consumers and clients may have expected,” Chakravarty said.

A bulletin about online tracking technologies released by the U.S. Department of Health and Human Services’ Office for Civil Rights on Dec. 1 is also poised to fan the flames of this fight, according to attorneys.

The guidance lays out the obligations of entities covered by the Health Insurance Portability and Accountability Act when using online tracking technologies like Meta Pixel or Google Analytics that collect and analyze information about how internet users interact with a regulated health provider’s website or mobile app.

According to HHS, “regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of [electronic protected health information] to tracking technology vendors,” an assertion that plaintiffs are likely to seize on in litigation challenging technology like the Meta Pixel on hospital websites, attorneys say.

. . .

The cases are In Re Meta Pixel Healthcare Litigation, case number 3:22-cv-03580, and Doe et al. v. Meta Platforms Inc., case number 3:22-cv-07557, both in the U.S. District Court for the Northern District of California.

Read the complete article on Law360 (subscription required).