Kroger, the supermarket giant, is entangled in a federal class-action lawsuit accusing the company of sharing confidential health details of pharmacy customers with Meta, Facebook's parent company, without their consent. The suit, filed on November 13, alleges that Kroger willfully installed tracking code provided by Meta on its web servers, surreptitiously transmitting private information to third parties, including Meta, for marketing purposes.
The lawsuit claims that Kroger embedded tools provided by Meta, such as the Pixel tool, on its web servers, allowing Meta to access sensitive data, including names, appointment details, prescriptions, and other health-related information. The plaintiff argues that Kroger violated the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) by sharing health information without obtaining express written authorization.
Kroger has positioned itself as a healthcare provider, and the lawsuit alleges that the company used consumers' private health information for marketing purposes, violating their privacy. The lawsuit emphasizes that customers did not consent to or authorize Kroger to disclose their private information to Facebook.
The lawsuit claimed that the computer code Kroger installed included Meta's Pixel tool, which effectively installed a bug on users' web browsers and forced them to disclose communications with Kroger to Facebook without their knowledge. Additionally, Kroger reportedly added Facebook's Conversions Application Programming Interface (CAPI) to its servers, enabling it to bypass ad blockers or other privacy controls that might have blocked Pixel from collecting users' information.
Further, the suit contends that Kroger's conduct constitutes an intentional intrusion on customers' privacy, as the company exceeded its authorization to access and share confidential information, facilitating Facebook's simultaneous eavesdropping and wiretapping of communications.
Kroger has been expanding its presence in the healthcare sector with initiatives like Kroger Health, which encompasses clinics, pharmacy businesses, and dietitians. The company operates numerous pharmacies and healthcare centers across its retail locations.
This legal action against Kroger follows similar lawsuits against other companies, including Costco, over allegations of improper disclosure of health-related details to Meta. The broader trend includes claims that Meta collaborated with various entities to collect private health information without individuals' consent.
As the legal battle unfolds, the case highlights the increasing scrutiny of companies' data-sharing practices, particularly concerning sensitive health information. The outcome of this lawsuit may have broader implications for how businesses handle and protect customer data, especially in industries where privacy and confidentiality are paramount.