The last thing any company wants in today’s digital world is an accusation of data-sharing, but several have that possibility looming. According to an investigation by The Markup and KFF Health News, 12 of the nation’s largest independent and grocery-connected drugstores are sharing consumer data with none other than you know who – Big Tech.
The investigators found website trackers (“pixels”) gathering data on what things site visitors browsed or purchased and, then, shared that private information with companies like Meta (formerly Facebook), Google (for its advertising and analytics offerings), and Microsoft (via Bing, its search engine).
The devious dozen? Albertsons, Costco, CVS, Food Lion, Giant, Kroger, Publix, Rite Aid – which was already called on the carpet for the same thing earlier this year – Sam’s Club, Stop & Shop, Walgreens, and Walmart. The items shared were only four, but all are of a sensitive nature: Plan B (the “emergency contraceptive”), prenatal vitamins, HIV tests, and pregnancy tests.
Likewise, a ProPublica investigation found that some online pharmacy websites selling abortion pills were also sharing sensitive data with Google and other third parties.
KFF Health News’ Darius Tahir and The Markup’s Simon Fondrie-Teitler explained how one of the tracking episodes plays out.
“Supermarket giant Kroger, for instance, informed Meta, Bing, Twitter, Snapchat, and Pinterest when a shopper added Plan B to the cart, and informed Google and [social media platform] Nextdoor … that a shopper had visited the page for the item,” the authors wrote.
“Walmart informed Google’s advertising service when a shopper browsed the page of an HIV test, and Pinterest when that shopper added it to the cart.”
Too hot to handle?
Tahir and Fondrie-Teitler suggest that some of the companies involved would wave their toe over the proverbial line and then retreat. They noted that over the course of the investigation, retailers would frequently change their trackers. Sometimes, they’d activate them. Sometimes, they’d remove them. Some even “appeared to be taking steps” to restrict tracking on sensitive products.
As an example, Walgreens’ website blocked some trackers from working on the pages of HIV tests and Plan B. “This code didn’t prevent all tracking, though: Walgreens’ site continued sending Pinterest information about those sensitive items a user added to the cart,” the authors claim.
Walgreens, for one, evidently didn’t like being in that position. After being notified of The Markup and KFF Health News’s findings, a company spokesperson said that it would no longer share browsing data related to HIV testing and reproductive health. A spokesperson for Pinterest confirmed as much, saying the social media company “can confirm that we will be deleting the data Walgreens requested.”
Where all of this is heading
Collecting, tracking, or sharing private information is no doubt quickly becoming an elephant in the room at the Federal Trade Commission (FTC). Not only is the agency likely to look further into information that mental health apps collect after what it claimed BetterHelp was doing in that regard, but could expand its focus.
After all, what this investigation uncovered is eerily close to the fight the FTC picked with GoodRx earlier this year and another recent investigation that revealed that various hospital websites have installed the Facebook Pixel trackers that allow Facebook to receive sensitive medical information including details about patients’ medical conditions, symptoms, and doctor’s appointments.
“Digital health companies and mobile apps should not cash in on consumers' extremely sensitive and personally identifiable health information, said the FTC’s Samuel Levine. “The FTC is serving notice that it will use all of its legal authority to protect American consumers’ sensitive data from misuse and illegal exploitation.”
If the FTC doesn’t stop this runaway data-sharing train in its tracks, a class action lawsuit might. In fact, TopClassActions reports that two law firms are already looking into that possibility.
Stop hitting the 'Agree' button
You – the consumer – can stop this, you know. We tend to hurry through all the permission requests we’re bombarded with when we first land on a website. One of those things we allow is the ability of the website to collect and track information about us or our visits.
The process of opting out of sharing your data is lost on many people, but taking an extra half-minute to uncheck those boxes for "cookie preferences" could keep your data where it belongs – with you!
ConsumerAffairs searched for the methods browser companies offer to change permissions on a specific website and Apple, Google, and Microsoft were all on the same page in giving that power to the user.
When we tried it out, it was not only simple, but it was eye-opening – especially when you see what you’re allowing these websites to collect and track during your site visits.
Click on these links to find out more about how to protect yourself for each browser:
Apple Safari (for Mac computers)
How do you turn on the “Do Not Track” feature on those browsers? Like this:
Safari “Do Not Track”
Google Chrome “Do Not Track”
Microsoft Edge, Firefox, Opera “Do Not Track”
