Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Los Angeles Times
Los Angeles Times
Comment
Los Angeles Times Editorial Board

Editorial: FTC crackdown on GoodRx sends a message that private consumer data must be protected

Since 2017, GoodRx has helped millions of people find deals on prescription drugs via an app and website. But what its customers may not have known is that the Santa Monica-based health company had also been sharing information about their prescriptions and illnesses with third parties such as Google and Facebook for advertising purposes.

Last week, the Federal Trade Commission fined GoodRx $1.5 million for violating customers’ privacy by failing to notify them about how their data were being used. This is the first time the FTC has used a law known as the Health Breach Notification Rule, which is designed to hold accountable for data privacy protections the companies that aren’t covered by the Health Insurance Portability and Accountability Act, the federal health privacy law known as HIPAA.

Good. The enforcement action is a warning to other tech firms at a time of growth in the industry. Increasingly consumers are using apps and wearable devices to monitor their health, and they should know exactly how their personal information is being used.

It’s heartening that the administration is taking action to protect consumers. In his State of the Union address this week, President Biden advocated for stronger data privacy controls and other protections to rein in technology firms.

The FTC says GoodRx, whose founders include former Facebook employees, used tracking technology and other software that captures consumer information such as the drugs for which a consumer had requested a coupon, the condition those drugs treat and personally identifiable information such as IP addresses. If a user inquired about a prescription drug for a sexual dysfunction condition, that user might have been targeted by ads for that condition on social media.

GoodRx, which claims to have saved consumers about $45 billion in prescription drug costs since the company was founded in 2011, denies any wrongdoing. The company says it never shared medical records, that third parties were not allowed to share health data further, and that the same tracking technology is used on many websites, including some used by the U.S. government. But the company agreed to the terms of the settlement, which needs to be approved by a judge, to avoid the costs of further litigation.

Seeing ads mentioning an embarrassing medical condition in your personal social media feed may seem like a small price to pay to get a reduced price for a medication, but data privacy specialists say that it could come with serious consequences. For example, data brokers could compile a list of people with cancer that could be used by scam artists marketing a fraudulent treatment.

This action by the FTC is a step in the right direction in guarding consumer health data. For too long, consumers have unwittingly handed over sensitive health information simply by using health apps or other technology devices. This makes it clear that these tech firms must disclose their intentions when collecting consumers’ health data.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.