GoodRx Agrees to $25 Million Settlement to Resolve Tracking Technology Lawsuit
GoodRx, a telemedicine platform provider and drug discounter, has agreed to settle a consolidated class action lawsuit for $25 million. The lawsuit was filed in response to its use of website tracking technologies that disclosed website visitor data to third parties such as Meta Platforms, Google, and Criteo for advertising purposes without user consent.
The tracking technologies, also known as pixels, are code snippets that are added to websites to track user interactions. The information gathered on visitors can be used to improve websites and is also transferred to third parties for advertising purposes. The Federal Trade Commission (FTC) investigated GoodRx over the use of tracking tools and determined the FTC Act had been violated. GoodRx had provided repeated assurances to its users that their sensitive data would not be shared with third parties, when the tracking tools on its website shared identifying information, including sensitive health information, with third parties without users’ knowledge or consent. The FTC also alleged a violation of its Health Breach Notification Rule as GoodRx failed to notify users about the data sharing.
GoodRx disagreed with the FTC’s findings, claiming the issue had been addressed almost 3 years before the FTC started investigating and maintains there was no wrongdoing. GoodRx maintains tools were used for advertising purposes in a manner it believed was compliant with all regulations. GoodRx chose to settle the alleged violations with the FTC for $1.5 million rather than fight them in court. The settlement agreement also requires GoodRx to refrain from sharing users’ health information with third parties for advertising purposes and to obtain consent before sharing data for non-advertising purposes.
Shortly after the FTC settlement was announced, a class action lawsuit was filed in the U.S. District Court of the Northern District of California against GoodRx that made similar allegations to the FTC – that personal information was disclosed to third parties without users’ knowledge or consent, when they had been informed on the website – between October 2017 and March 2019- that their personal information would not be disclosed to third parties. Specifically, the plaintiffs claimed that the website stated, “We never provide advertisers or any other third parties with any information that reveals a personal health condition of personal health information.”
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The lawsuit asserted claims of common law invasion of privacy, intrusion upon seclusion, unjust enrichment, violations of the California Confidentiality of Medical Information Act (CMIA), aiding and abetting violations of CMIA, violations of the California Invasion of Privacy Act, violations of the California Consumers Legal Remedies Act, and violations of the California Business and Professional Code. Several other lawsuits were filed over the privacy violations, which were consolidated into a single action, – Jane Doe et al. v. GoodRx Holdings, Inc., et al. The consolidated lawsuit also asserts claims of negligence, negligence per se, and violations of New York’s General Business Law and the Illinois Consumer Fraud and Deceptive Business Practices Act.
Meta, Google, and Criteo were also named in the lawsuit as co-defendants, and all three companies are attempting to have the claims against them dismissed. District Court Judge Araceli Martinez-Olguin is due to issue a ruling on the plaintiffs’ motion to approve the $25 million settlement. Should the judge approve the settlement, the plaintiffs will be permitted to continue to pursue claims against the other co-defendants, as they are not part of the proposed settlement.
If approved, individuals whose privacy was violated will be permitted to file claims for a share of the settlement fund, after attorneys’ fees, service awards, and legal costs and expenses have been deducted. The plaintiffs’ attorneys are seeking one-third of the settlement amount – $8.33 million.
