Teledoc Users File Class Action for the Impermissible Use and Sale of Personal Information

On January 30, 2024 , several Teledoc Health, Inc., users filed a class action in New York federal court alleging that the company violated users’ privacy rights by operating its website with tracking pixels that disclosed consumers’ personally identifiable information and protected health information. The tracking pixels effectively worked to wiretap the users’ phones to capture private information and communications intended only for use on the Teledoc platform. The complaint alleges that the tracking pixels transmitted that data to third-parties, including Facebook and Google, in exchange for Teledoc receiving enhanced advertising services at more cost-efficient pricing.

The suit follows several enforcement actions by the FTC in 2023 (GoodRx and BetterHelp) and OIG (Cerebral) for substantially similar issues and concerns surrounding the improper disclosure of consumer or patient personally identifiable information. In each matter, including the current class action at issue, each organization’s privacy policies and representations were inconsistent with its actual privacy practices such that data was being used in a manner that was not disclosed to, or approved by, users. As a result, the organizations subject to the 2023 enforcement actioners were in a position to violate the terms of their respective privacy policies.

With increased attention on user privacy, and an uptick in enforcement by various government agencies, web hosts—especially those that collect personally identifiable information or personal health information—must evaluate their use of tracking technologies on websites and applications to ensure that data collection and disclosure practices are not overlooked in the organization’s privacy policies and regular risk assessments. It is recommended that these entities review and revise their privacy policies and procedures to ensure consistency and compliance.

How Frier Levitt Can Help

Data privacy regulations continue to evolve, including through the implementation and enforcement of various state privacy regimes. Organizations with access to personally identifiable information, personal health records, protected health information, or other consumer data must ensure their practices are consistent with applicable federal and state laws that govern how such data is accessed, used, and shared, and how such practices must be disclosed and acknowledged by users. Contact Frier Levitt for assistance in determining how federal and state data privacy rules impact your business model, what measures you must take to ensure your compliance with these rules, and how to be prepared to respond in the event of a breach or other privacy violation.