Tracking Your Website Users May Open You Up to Litigation

January 31, 2023

If your company tracks users of its website, there’s a chance you could be sharing client information illegally through a little-known tracking code called Meta Pixel.

Meta Pixel is a snippet of JavaScript code that can be used by website owners for tracking user activity. This information is sent to Meta, the parent company of Facebook, and the information can be used to track user activity, identify trends and improve user experience.

Dozens of lawsuits have already been filed, mostly targeted at health care organizations. According to a study by The Markup, one-third of the top 100 hospitals in America utilized Meta Pixel. Twenty-eight of these hospitals have since removed this tracking tool.

Hospitals are being targeted because Meta Pixel may be sending patients’ protected health information (PHI), in violation of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires patient consent to transfer patient PHI, and there is no evidence of consent being obtained in these instances. Outside of health care, there have been multiple allegations of other companies sending user data to Facebook.

There are lawsuits involving the MLB, NFL and AMC Theaters that allege they have been unlawfully turning over subscribers’ identity and video data to Facebook without consent, in violation of the Video Privacy Protection Act. Multiple tax service organizations, including H&R Block, have also been alleged to be sending sensitive information to Meta when Americans file their taxes online.

Chick-fil-A is facing a class action lawsuit after tracking and sharing video viewership data with Meta. The fast-food chain is also “investigating suspicious activity on some customer accounts,” according to the company’s website.

Outside of the private sector, two lawmakers have questioned the U.S. Department of Education about their sharing of applicant data through the Meta Pixel.

The Meta Pixel, and website tracking generally, is a developing area and there is uncertainty over whether a cyber liability policy will respond to these lawsuits. Organizations should review their privacy policies, confirm the types of data they collect and know the implications of sending user data to third parties.

Do you know if your organization is utilizing Meta Pixel tracking? Oswald can help. Reach out to your broker today to find out if your website uses Meta Pixel, and if so, how to remove it.

For more information, visit our Cyber Risk page or contact us here.



Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.