
FTC makes an example of GoodRx, bans discounter from sharing private health data with advertisers
Prescription drug discount provider GoodRx will no longer be allowed to share its users’ sensitive health data with advertisers after the Federal Trade Commission charged the online coupon provider with failing to notify consumers of such disclosures to Facebook, Google, and other companies.
GoodRx agreed to pay a $1.5 million civil penalty for violating the FTC’s Health Breach Notification Rule after the FTC said it repeatedly violated a 2017 promise to not share sensitive personal health information. The FTC alleged that the company shared users’ prescription medications and personal health conditions with third party advertisers and platforms like Facebook, Google, Criteo, Branch and Twilio.
As an example, the FTC’s complaint notes that in August 2019, GoodRx compiled user lists of those who purchased particular prescription drugs, such as those used to treat heart disease and blood pressure, and uploaded their email addresses, phone numbers, and mobile advertising IDs to Facebook so Mark Zuckerberg’s company could identify their profiles. GoodRx then used that information to target these users with health-related advertisements.
“Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a statement.
GoodRx said in a statement yesterday that this was “an old issue that was proactively addressed almost three years ago before the FTC inquiry began.”