• NocturnalEngineer@lemmy.world
    4 days ago

    I have questions…

    What was Meta’s defense for a social media site to need sensitive sexual and reproductive health data?

    And if Flo was UK based, surely that data should have been covered by GDPR. How was Meta a partner with legitimate interest to PII data?

    • spaghettiwestern@sh.itjust.worksOP
      4 days ago

      Meta’s done worse: https://www.hipaajournal.com/meta-facing-scrutiny-over-use-of-meta-pixel-tracking-code-on-hospital-websites/

      Meta Pixel is a snippet of JavaScript code that can be used by website owners for tracking user activity through the use of cookies.

      The problem is the data collected via this code snippet may be sent to Meta, and may include patients’ protected health information. Meta is not a business associate of HIPAA-covered entities, and under HIPAA compliance rules, any data transmitted to Meta would require patient consent to be a HIPAA compliant website.

      Criminal and civil judgements are dwarfed by the huge profits generated by the violation of privacy laws. Shareholders and C-Suites don’t care where the money is coming from as long as it keeps coming.