GoodRx Gave Advertisers Consumers' Medical Data, Says Complaint
Despite tweets from GoodRx co-CEO Doug Hirsch saying the discount prescription medication provider doesn’t gather data and give advertisers its users’ personal health information, tracking technologies on its platform “knowingly and intentionally” intercepted plaintiff Hollis Wilson’s personal medical information, said a Monday class action (docket 4:23-cv-01293), in U.S. District Court for Northern California in Oakland.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Burlingame, California, resident Wilson used GoodRx multiple times from 2015 to 2019 to buy medical prescriptions, said the complaint. During that time, she maintained Facebook and Instagram accounts, plus Gmail, YouTube and Google Maps accounts with Google. Unknown to her, GoodRx “knowingly and intentionally” used tracking technology for marketing, advertising and analytics on its platform “without disclosure to its users.” The technology included software development kits and tracking pixels for analytics and advertising that were provided by Google, Meta and Criteo, it said.
GoodRx knew incorporating the software would result in the “disclosure and interception of users’ interactions” on the platform, including personal identifiable information (PII), health information and prescription requests, alleged the complaint. Meta, for example, “allows website and app developers, like GoodRx, to use the Meta Pixel and its SDK with access to the data collected from their users and provides them with tools and analytics” to reach them through Facebook ads, it said.
GoodRx served targeted ads to users using sensitive data disclosed to, and intercepted by, the advertising and analytics defendants between August 2017 and February 2020, the complaint said. The prescription coupon company “was well aware of the data it disclosed” and allowed the other defendants to intercept, yet it continued to incorporate their technologies into its platform “and reap their benefit, by increasing its overall revenue through advertisements and by improving the GoodRx platform,” it said.
Wilson provided her PII, health information and other sensitive data to GoodRx to obtain medical treatment and prescriptions, she said. The information was then “disclosed to and intercepted by Meta.” She didn’t consent to the interception or disclosure of her data to Meta, Google or Criteo, which resulted in an invasion of privacy and violation of the Confidentiality of Medical Information Act and California Invasion of Privacy Act, the complaint alleged.
In addition to privacy claims, plaintiff alleges unjust enrichment and violation of California’s Unfair Competition Law against all defendants, plus violation of the California Consumers Legal Remedies Act against GoodRx. She seeks for herself and the class declaratory relief against the defendants; statutory, actual, compensatory, consequential, punitive and nominal damages; restitution and disgorgement of profits unlawfully obtained; and reasonable attorneys’ fees and costs.
Several similar suits have been filed against GoodRx in the San Francisco division of the Northern California district court. The company also emailed customers last month (see 2303010034) advising them the FTC alleged the company shared their personal identifiable information July 2017-April 2020 without their permission.