Major UK pharmacy shares intimate customer data with Tiktok

  • Chinese social media giant TikTok receives detailed information about UK pharmacy customers and their online purchases.

  • LloydsPharmacy shares customer email addresses as well as information about symptoms and purchases, a Swedish Radio News investigation has found.

  • The pharmacy chain also shared such information with Facebook.

When Swedish Radio News examines hundreds of European online pharmacies, one of them stands out.

During our test, the UK pharmacy chain LloydsPharmacy runs tracking pixels from Facebook and TikTok on its website.

The pixels monitor our visit in detail. For example, they collect our exact search terms – such as “erectile dysfunction” and “irritable bowel syndrome” – as well as data about products we add to the shopping cart, such as Viagra, thrush cream and a chlamydia test.

During our brief visit, LloydsPharmacy sends information to the social media giants 60 times.

At checkout, both Facebook and TikTok collect our email address. In addition, Lloyds sends our first and last name to Facebook, and our phone number to TikTok.

All of these transfers occur without our consent, and we are unable to turn them off in the cookie banner.

LloydsPharmacy declined a recorded interview, but wrote in an email that they are “currently investigating the issues raised” by Swedish Radio News, and that they regularly review their cookie and privacy policies.

After being contacted by Swedish Radio News, LloydsPharmacy changed their website so that transfers to Facebook and TikTok only occur once the visitor has accepted cookies.

When we chose to opt out of all optional cookies, we were met by a broken website where it was impossible to shop.

Neither Facebook nor Tiktok have responded to questions about their use of the information received from Lloyds Pharmacy.

Both companies wrote in emails to Swedish Radio News that advertisers should not send them health information.

Facebook has said it has a filter built to detect and delete sensitive health information and prevent it from being stored.

“Like any technology, our filters won’t be able to catch everything all of the time," Facebook's parent company, Meta, wrote in an email to Swedish Radio News.

The company has not shared any documentation that shows how effective the filter actually is.

Last year, Swedish Radio News sent 200,000 instances of sensitive health data in Swedish to Facebook from a fake online pharmacy created by its reporters, revealing that Swedish data was in fact stored on Facebook’s servers.