Privacy Nightmare: FTC Claims Drug Discount App GoodRx Leaked User Data to Facebook, Google

Mark Zuckerberg Smiles during testimony (Pool/Getty)

The FTC claims that drug discount app GoodRx has been selling user data to Facebook and Google. Although the Masters of the Universe have an insatiable appetite for personal details of all types, medical data is particularly prized for use in advertising and other ventures.

The New York Times reports that U.S. regulators have criticized GoodRx, a drug discount app that millions of Americans use to find cheaper prices on prescription medications. The app’s creator, GoodRx Holdings, was charged by the Federal Trade Commission (FTC) with improperly disclosing users’ private health information to tech giants Facebook and Google.

Sundar Pichai CEO of Google ( Carsten Koall /Getty)

Sabo mocks Google CEO Sundar Pichai

Sabo mocks Google CEO Sundar Pichai (

According to the FTC, GoodRx’s actions broke a federal law requiring fitness trackers and health apps to alert users when their data is compromised. Despite the company agreeing to settle the case, it has refuted the accusations and insisted that it has made no admission of guilt.

The FTC’s efforts to strengthen privacy and security safeguards for digital health services are highlighted by this crackdown on GoodRx and the growing concern over the disclosure of sensitive health information. Contrary to data gathered by doctors and hospitals, personal health information entered into apps or searched online is not covered by the federal Health Insurance Portability and Accountability Act (HIPAA).

the FTC claims that between 2017 and 2020, GoodRx uploaded the contact details of customers who bought specific medications to Facebook, enabling the business to locate customers’ social media profiles. Afterward, GoodRx used this data to target users with medication ads on Facebook and Instagram. According to the FTC, GoodRx’s public pledges to “never provide advertisers any information that reveals a personal health condition.” were broken by these actions.

According to the proposed federal settlement, GoodRx will be permanently prohibited from disclosing users’ health information for marketing purposes and will have to pay a $1.5 million civil fine for breaking the law requiring health breach notification. This is the first time the FTC has used its Health Breach Notification Rule, which requires connected devices and health apps to alert users of breaches or unauthorized sharing of their health data, to bring an enforcement action.

According to Samuel Levine, director of the FTC’s Bureau of Consumer Protection, “Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information.”

According to GoodRx, protecting user privacy is one of its top priorities. The FTC settlement mainly addressed problems that were resolved three years before the investigation. Since 2017, more than 55 million people have used the mobile apps or website of GoodRx. The company allegedly repeatedly broke its public promises by providing “extremely intimate and sensitive details” to outside ad tech and marketing companies, such as Facebook, Google, Criteo, and Twilio. This information might connect users to long-term physical and mental health problems, such as substance abuse.

GoodRx allegedly did not impose any restrictions on how these businesses could use the health information about their clients, allowing them to use it for their own internal business needs. The multibillion-dollar digital health industry’s user profiling and ad-targeting practices may be shaken up as a result of the case against GoodRx. It may also serve as a warning to businesses that regulators are trying to limit the exchange of consumers’ health information.

Read more at the New York Times here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan


Please let us know if you're having issues with commenting.