goodrx mobile app

The online prescription delivery company GoodRx has been slapped with a $1.5 million fine by the United States Federal Trade Commission (FTC) for sharing the health information of its customers with third parties without their express consent.

In addition to the fine, the FTC has banned GoodRx from sharing or using this kind of data for advertising purposes and it is forcing the company to notify its customers about how their data is being used or if it is accessed by an unauthorized party.

GoodRx must also ask the third parties with which it shared information to delete those data points from its customers and limit the time that it will store customers’ sensitive information within its systems.

GoodRx Shared Customers’ Information with Facebook and Other Similar Companies

According to the FTC’s complaint, GoodRx shared the information it gathered from its customers including their health conditions, contact information, and the medications they ordered from the platform with these parties including Facebook, Google, and Twilio, among other firms.

GoodRx did this without notifying customers or asking for their consent. The information shared by the service was used by these platforms to fine-tune their advertising platforms to facilitate the process of targeting individuals with specific health conditions.

Also read: Amazon Keeps Expanding its Pharmacy Business with Launch of RxPass

In addition, the company used the information for its own digital marketing campaigns, allowing it to display adverts on social media platforms that offered products that were relevant to their health conditions.

“GoodRx’s repeated, unauthorized disclosures of users’ personal and health information over the course of a four-year period have revealed extremely intimate and sensitive details about GoodRx users”, the FTC complaint stated.

“[These details] could be linked to (or used to infer information about) chronic physical or mental health conditions, medical treatments and treatment choices, life expectancy, disability status, information relating to parental status, substance addiction, sexual and reproductive health, sexual orientation, and other highly sensitive and personal information,”, the agency added.

GoodRx Does Not Admit Any Wrongdoing

In regards to the settlement, GoodRx stated that protecting their users’ privacy was one of their “most important priorities”. The company did not admit any wrongdoing and emphasized that they entered a settlement “to avoid the time and expense of protracted litigation”.

In addition, the prescription drug delivery service said that they have “proactively made updates” to its systems to make sure that its customers’ privacy remained well protected.

“While we had used vendor technologies to advertise in a way that we believe was compliant with all applicable regulations and that remains common practice among many health, consumer and government websites”, the statement reads.

Also read: How to Invest in Alphabet (GOOG) Stock – Beginner’s Guide

GoodRx emphasized that using the Facebook Pixel – a tool used by the social media company to track the footsteps of website visitors – is common practice among online businesses. This technology allows them to create re-marketing campaigns that target people who have already visited the site once or have taken an interest in certain products or content.

However, The Markup reported that the company was actively sharing sensitive information with Google Ads despite the bans imposed by the FTC including the name of the medication they took, the dosage, and the quantity ordered by the customer.

This settlement is considered a landmark and a game-changer in terms of industry practices as companies have been sharing their customers’ health information freely, and without their consent, for years.

“The @FTC’s order against @GoodRx includes a flat-out ban against selling user health data to 3rd parties in the future. This is the kind of conduct-changing remedy that has been hard to obtain in past cases”, tweeted Ben Rossen, a privacy and security lawyer who worked for the FTC.

Meanwhile, Samuel Levine, the Director of the Bureau of Consumer Protection at the regulatory agency, commented that “digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information”.

Other Related Articles: