In order to sharpen targeted ad campaigns, Rite Aid allegedly engaged in a practice of sharing information of customers to third parties.
This is according to a class action lawsuit filed in California that accuses the retailer of giving away information about website users, reports legal media group ClassAction.org.
The lawsuit claims Rite Aid used the medical history, mental and physical condition, and treatment of patients when they went to RiteAid.com and filled prescriptions. The information was then passed on to third-party users like Meta, Google, and TikTok to improve targeted advertising efforts.
Rite Aid’s privacy policies specifically state the company needs to get written authorization from shoppers before their information is used for marketing purposes, according to ClassAction.org. The company also violated the Health Insurance Portability and Accountability Act and other federal and state statutes.
The lawsuit states Rite Aid’s website uses programming code called Meta pixel that sends information to Meta every time a user interacts with the web page used to fill prescriptions. The lawsuit says Google Tag Manager is also used.
Rite Aid also has the capabilities to share the names of consumers along with their phone numbers, email addresses, IP addresses, device IDs and Facebook IDs.
“This massive breach of confidentiality and privacy has, on information and belief, affected millions of Rite Aid’s customers in the state of California as well as millions more nationwide,” the complaint states, claiming that the mishandling of such sensitive information has the potential to give rise to serious consequences, including “embarrassment, discrimination in the workplace, and denial of insurance coverage.”