• by Wendy Davis  @wendyndavis, February 3, 2023

Drug discounter GoodRx along with tech companies Google, Meta and Criteo were hit this week with a class-action privacy complaint.

The complaint, brought Thursday by an anonymous Florida resident, came one day after the FTC unveiled allegations that GoodRx wrongly shared consumers' health information with outside companies for ad purposes. The allegations largely align with those made by the FTC.

The Florida resident alleges in a complaint filed in U.S. District Court for the Northern District of California that she used GoodRx “on multiple occasions,” and also maintained social media accounts with Facebook and Instagram, as well as a Gmail account.

“GoodRx knowingly and intentionally incorporated a host of tracking technology for marketing, advertising, and analytics purposes on the GoodRx Platform without disclosure to its users,” the complaint alleges.

She says the ad companies -- which the complaint refers to as “advertising and analytics defendants” -- developed the tracking technologies allegedly used by GoodRx.

“GoodRx served targeted advertisements to users using the sensitive data disclosed to and intercepted by the advertising and analytics defendants between at least August 2017 and February 2020,” the complaint alleges.

Among other claims, she alleges that the companies engaged in “intrusion upon seclusion” -- a broad privacy concept that involves “highly offensive” conduct.

GoodRx settled with the FTC by agreeing to pay $1.5 million, to refrain from sharing users' health data for ad purposes, and to obtain users' express consent before sharing their health data for non-advertising purposes, among other terms.

The drug discounter stated that the settlement "focuses on an old issue that was proactively addressed almost three years ago, before the FTC inquiry began."

The company also said it doesn't agree with the allegations and doesn't admit wrongdoing.

The Justice Department, which sued on behalf of the FTC, alleged that GoodRx “sensitive user information with third-party advertising companies and platforms ... like Facebook, Google, and Criteo, and other third parties like Branch and Twilio,” the complaint alleged.

The data allegedly shared included users' “prescription medications and personal health conditions, personal contact information, and unique advertising and persistent identifiers.”

The government also alleged that GoodRx used Facebook's ad targeting platform to send ads to users based on their prescriptions and health conditions.

A Google spokesperson stated Friday that the company “prohibits personalized advertising based on sensitive data like health conditions or prescription medications,” and has “strict policies that advertisers and developers must comply with regarding personally identifiable information being shared with us."

Google says its analytics code is used for first-party website serving and analysis, and that the company doesn't use that data to create targeting segments or other ad systems.

A Criteo spokesperson said the company doesn't comment on pending litigation.

Earlier this week, the company stated that its policies and practices prevented it from receiving or using “the level of detailed information” that other ad providers allegedly received and used.

“Criteo never received any personally identifiable information, such as name or email address, or prescription and medical information, such as a user looking at a particular prescription,” Criteo stated after the FTC unveiled its case against GoodRx.

“Additionally, we never served any ads based on sensitive health information, such as prescription medication, and never served any ads with prescription medication. Criteo never received the content of any coupon offered by GoodRx, only an event saying whether or not a coupon was clicked by a user,” the company stated.