Pharmaceutical companies fined for using the Meta pixel
In the context of digital transformation and the growing importance of online advertising, the use of tools such as the Meta pixel has become common in the pharmaceutical sector. However, this practice has raised legal and ethical concerns that have led to sanctions by regulatory authorities. Recently, the Swedish data protection authority imposed a fine of over 3 million euros on Apoteket , a Swedish pharmaceutical retailer, for failing to take adequate security measures when transferring sensitive customer data to Meta.
What is the violation committed?
The investigation carried out by the Swedish authority revealed that Apoteket introduced the Meta pixel, a script-based tool that records data about visitors’ behaviour and transfers it to Meta, on its website. By using this tool, Apoteket was trying to track the effectiveness of its social media ads and improve its targeted advertising. However, sensitive data such as purchased products and customer contact details were among the transferred information, which raised serious privacy concerns.
The data protection authority concluded that:
- The data transferred to Meta was of a sensitive nature, capable of revealing information about users’ health status or sexual life.
- Although the exact number of purchases affected could not be determined, it was concluded that the incident impacted a large number of interested parties.
- The data transfer lasted for two years.
- The nature, scope and context of the processing involved high risks that required a high level of protection of personal data.
- Apotheke did not apply security measures appropriate to the risks of the processing.
- As a result of this infringement, the Swedish authority imposed a fine of €3,200,000 on Apoteket for violating Article 32(1) of the GDPR.
Meta Pixel
The Meta pixel is a tool used by many companies to track user activity on their websites and measure the effectiveness of their advertising campaigns on Meta platforms. By inserting a piece of code into their website, companies can collect data on how visitors interact with their content , allowing them to optimize their ads and target audiences more effectively.
However, the use of the Meta pixel involves the collection of personal data, which imposes additional responsibility on companies in terms of regulatory compliance. In the case of Apoteket , the transfer of sensitive data to Meta without proper security measures and without adequate consent from users resulted in a serious breach of data protection regulations.
The Swedish authority stressed that although Apoteket took some measures to protect the information, such as transferring the data in hashed format, this was not sufficient to mitigate the risks associated with the processing of sensitive data. The lack of adequate security measures was considered a key factor in the severity of the breach.
Alternatives for pharmaceutical companies
In the face of increasing regulatory pressure and penalties for improper data handling, pharmaceutical companies must consider alternatives to the use of the Meta pixel that allow them to continue their marketing activities without compromising user privacy. Some of these alternatives include:
- Obtaining explicit consent: it is essential for pharmaceutical companies to obtain clear and explicit consent from users before implementing tracking tools. This involves informing users about what data is being collected, how it will be used, and with whom it will be shared.
- Use of first-party cookies: pharmaceutical companies may choose to use first-party cookies, which allow them to collect data directly from users visiting their website. This approach may be less intrusive and more in line with privacy regulations.
- Compliant marketing platforms: there are digital marketing tools that comply with data protection regulations. These platforms allow data collection in an ethical and legal manner, ensuring compliance with current regulations.
- Focus on educational content: pharmaceutical companies can focus their marketing efforts on creating educational and relevant content that does not rely on data tracking. This will allow them to build trust and credibility among users.
- Collaborating with privacy experts: working with data protection specialists can help pharmaceutical companies implement appropriate policies and educate their teams on the importance of data privacy.
- Privacy Impact Assessments: conducting privacy impact assessments before implementing new technologies or marketing tools can identify potential risks and ensure compliance with regulations.
- Alternatives to the Meta Pixel: pharmaceutical companies can explore other analytics solutions that do not involve the use of invasive tracking tools, thus ensuring the protection of sensitive data.
In conclusion, the sanction imposed on Apoteket for the misuse of the Meta pixel underlines the importance of personal data protection in the pharmaceutical sector. As regulations become more stringent, it is essential for companies to take a proactive and responsible approach to their digital marketing practices. By prioritizing user privacy and considering ethical alternatives, pharmaceutical companies not only comply with regulations but also foster consumer trust and loyalty. At Letslaw we are experts in data protection, so we could advise you on everything you need.
Desde que Carmen Araolaza empezó la carrera se familiarizó con el derecho tecnológico al haber estudiado Derecho + Especialidad TIC en la Universidad de Deusto.
Le apasiona el derecho digital, en concreto, el Comercio electrónico, la Propiedad Intelectual, la Protección de Datos, la Competencia y el Marketing Digital.