Drug discounter GoodRx along with Google, Meta and Criteo are urging a federal judge to dismiss a class-action privacy complaint stemming from allegations that GoodRx wrongly shared consumers' health information with the tech companies for ad purposes.
GoodRx argues in papers filed Friday that it informed consumers about data sharing, and that people consented to share their information in exchange for coupons.
“Users consented to provide certain information ... to GoodRx and its vendors; in exchange, GoodRx provided the users with valuable drug pricing information, coupons, and (for GoodRx Care users) access to discounted telehealth services,” the company writes.
Google, Meta and Criteo filed separate motions asking Martínez-Olguín to dismiss the lawsuit.
The companies' papers come in response to a class-action complaint brought by GoodRx users in February, soon after the Federal Trade Commission unveiled an enforcement action against the company. The FTC said GoodRx “repeatedly violated” promises to “never share personal health information with advertisers or other third parties.”
Among other allegations, the FTC said GoodRx shared sensitive information -- “prescription medications and personal health conditions, personal contact information, and unique advertising and persistent identifiers” -- with third-party ad companies.
GoodRx settled that matter by agreeing to pay $1.5 million, to refrain from sharing users' health data for ad purposes, and to obtain people's express consent before disclosing their health data for non-advertising purposes.
GoodRx said at the time that it didn't agree with the allegations. It also didn't admit wrongdoing. The company added that the settlement focused on “an old issue that was proactively addressed almost three years ago, before the FTC inquiry began."
In addition to arguing that consumers consented to any data disclosures, GoodRx also says the users who sued can't prove any injury, and therefore lack “standing” to proceed in federal court. What's more, the company argues, some of the users who used GoodRx's coupons “very likely saved money through the free service.”
The complaint also claims the tech companies violated consumers' privacy by engaging in “intrusion upon seclusion” -- a broad concept that allows people to hold companies liable for “highly offensive” conduct that infringes privacy.
Criteo argues the complaint “makes only vague and factually unsupported allegations about Criteo’s business generally,” and also that it “fails to allege Criteo took any consumer-facing acts or established any practice, let alone a deceptive one.”
The company writes: “The complaint contains no facts to plausibly indicate that Criteo even received data from GoodRx -- no facts to indicate that the unspecified Criteo technology worked and was configured in such a way to send any data, or any particular data, to Criteo, or that any data sent to Criteo (if any was sent) was actually sensitive, or that it could be linked to plaintiffs individually.”
Meta says in its new papers that it doesn't want to receive sensitive health information from publishers, and contractually bars developers from sending that type of data. The company also says it has a system to filter out sensitive health data.
Meta also argues it shouldn't be responsible for “GoodRx’s alleged misuse” of a tracking technology, adding that the consumers consented to GoodRx's practices.
Google makes a similar argument, adding that it prohibits targeted advertising based on health conditions.
“Plaintiffs do not identify any fact that would make it plausible that Google served any ads based on data entered by plaintiffs on the GoodRx platforms,” the company writes.