Since 2017, more than 55 million people have used or visited GoodRx’s mobile app or website, the FTC said. The complaint alleges that from 2017 to 2020, the company “disclosed extremely private and sensitive details” to third-party ad technology and marketing companies including Facebook, Google, Criteo, and Twilio, repeatedly violating its public commitments not to do so. The agency said the disclosed data could link users to chronic physical and mental health problems, including substance abuse.
GoodRx also did not limit how Facebook, Google and others use their customers’ health information, allowing third parties to use the data for internal business purposes such as research and product development, federal regulators said. GoodRx also “failed to provide adequate” protections for users’ personal information, such as appropriate formal written privacy and data sharing policies, the regulator said.
The FTC’s case centers on GoodRx’s use of tracking tools from Facebook, Google and others. Millions of websites and applications use such tools (called “pixels” and “SDKs”) to track user activity data and share the data with third parties for commercial purposes such as ad targeting and user profiling .
Such tracking tools can collect information such as a user’s name, email address, mobile phone number, unique device ID code, location, gender, and Internet Protocol or IP address. They can also log details of user activity, such as opening apps, clicking links, or viewing information about specific diseases or medications.
While this kind of data sharing is common in consumer sectors such as retail and travel, the FTC’s complaint alleges that GoodRx’s use of tracking tools to share personal health data with advertising platforms led to deceptive and unauthorized data disclosures — an argument that weighs heavily on digital data. The usual business of the industry presents challenges to the wellness industry.
GoodRx said it removed the Facebook tracking pixel nearly three years ago.
Over the past few years, the FTC has intensified its focus on health privacy.
In 2021, the FTC accused the developers of Flo, a health-tracking app used by more than 100 million women, of misleading users about its data practices by sharing intimate health details about their periods and pregnancies with Google and Facebook program. Flo agreed to a settlement with the agency that bars the company from misleading users about privacy and requires their consent before sharing their health details.
