Facebook collects intimate customer data from over 100 European pharmacies

• Facebook collects detailed information about pharmacy customers and their purchases from over 100 online pharmacies in Europe, a Swedish Radio News investigation has found.

• The data gathered by Facebook includes search terms and detailed descriptions of products like HIV tests and Viagra, along with identifiers such as email addresses and phone numbers.

• “I’m shocked because this is data that pharmacies are not allowed to share with anyone,” says Paul Tang, a Dutch Social Democrat MEP.

Swedish Radio News has found over 100 online medicine retailers across Europe that allow Facebook to collect detailed information about customers and their purchases.

The data is collected through a tracking pixel that Facebook provides, and the pharmacies use without the customers’ consent.

In one of our experiments, one of Italy’s largest online pharmacies for over-the-counter medicines let Facebook know that we had added an HIV test, a pregnancy test and pills for irritable bowel syndrome to our shopping cart. At checkout, Facebook also received our name, email address and phone number.

Another example, from Germany, shows Facebook’s pixel collecting links containing our search queries, information about us looking to buy Viagra and starting a consultation on erectile dysfunction, as well as our name and phone number.

Companies that share information with Facebook in this manner usually do it in order to target ads to their website visitors or customers on the company’s social media platforms.

In a statement to Swedish Radio News, Facebook’s parent company Meta referred to the company’s policies, which say that advertisers should not send them information about people’s health through the pixel. The company declined an interview.

“This is typically Meta to shift responsibility away but they provide the opportunity for it so yes they are responsible,” says Dutch MEP Paul Tang, though he agrees that pharmacies share responsibility for the transfers.

Meta also said that the company has a system designed to filter out potentially sensitive data “it is able to detect”, adding that “[l]ike any technology, our filters won’t be able to catch everything all of the time.”

Meta has not responded to questions about how often their filtering mechanism actually detects such data, and whether sensitive information the filter fails to detect ends up being used by the company.

Last year, after Swedish Radio News revealed that Swedish pharmacies had used Facebook’s tracking pixel on hundreds of thousands of customers, the Swedish Authority for Privacy Protection opened probes into several pharmacies that are still ongoing.

According to Paul Tang, Meta should report themselves to data protection agencies in the relevant countries.

“I see it as a breach of personal data, so I think they should report it,” he says.