The Federal Trade Commission (FTC) has imposed a fine of $1,500,000 on GoodRx Holdings for failing to report they were disclosing sensitive consumer health information to Google, Facebook, Criteo, Branch, Twilio, and other companies.
GoodRx is a California-based healthcare company offering telemedicine services, an online platform and mobile apps, drug coupons for discounts on 75,000 pharmacies across the United States, and more.
Inevitably, this puts the firm in an excellent position to collect sensitive health data, and according to public data, over 55 million people have used its services.
As explained in the U.S. government agency’s announcement, Goodx was engaging with Google and Facebook to facilitate targeted advertising on the platforms of all parties, so the company is essentially guilty of using people’s health information to make a profit.
This practice violates the FTC Act, a federal law protecting consumers from deceptive or anti-competitive business practices.
FTC’s announcement also states that GoodRx falsely claimed compliance with the applicable privacy laws, failing to comply with their dictations.
By taking into account all of the above, the number of impacted individuals, and the duration of the violations, the U.S. Department of Justice, on behalf of the FTC, has ordered GoodRx to pay a $1.5 million civil penalty.
“Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information,” stated FTC’s Director of Consumer Protection Bureau, Samuel Levine.
“The FTC is serving notice that it will use all of its legal authority to protect