Shine a light on tech’s hidden impacts. Triple your donation.
Skip navigation

Privacy

Kroger Sued for Sharing Sensitive Health Data With Meta

Two proposed federal class action lawsuits, filed in the wake of a Markup investigation, accuse the grocer of disclosing private data through its online store and pharmacy

A person holding a credit card as they visit Kroger's website
Credit: Rafael Henrique/SOPA Images/LightRocket via Getty Images

Kroger, the largest supermarket chain in the U.S., is being sued in federal court for the unauthorized sharing of personally identifiable information and health data with Meta. 

Two different proposed class-action lawsuits were filed on Nov. 10 and Nov. 13 in the Southern District of Ohio, Western Division. The plaintiffs, both from Ohio, are anonymous. 

The suits alleged that Kroger essentially ”planted a bug” on its website, which includes an online pharmacy, and was “looking over the shoulder of each visitor for the entire duration of their Website interaction.” That “bug” refers to the Meta Pixel and the other trackers Kroger used on its website. The Nov. 10 suit claimed that as a result, Kroger leaked details of which medications and dosages a patient sought or purchased from Kroger’s pharmacy, which then allowed “third parties to reasonably infer that a specific patient was being treated for a specific type of medical condition such as cancer, pregnancy, HIV, mental health conditions, and an array of other symptoms or conditions.”

In February, The Markup revealed that Kroger collects extensive data through its loyalty program. The investigation detailed Kroger’s use of the Meta pixel on kroger.com, including how the company sent information to Meta when a pregnancy test was added to a virtual shopping cart. A similar example was included in the Nov. 10 lawsuit, showing that Meta is informed when a user searches on Kroger.com for Plan B contraceptives. The Nov. 13 lawsuit, in trying to establish the harms of “mishandling medical information,” also cited a Markup story on hospital websites disclosing sensitive information to Meta through the pixel.

Both suits claim that the use of Meta’s tracking pixel violates the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and Ohio state laws covering health information and privacy. They both cite warnings from the Federal Trade Commission and the Department of Health and Human Services against improper disclosure of personal health information online. 

Kroger did not respond to a request for comment.  

Attorneys for the plaintiffs either declined to comment or did not respond.

The Markup has reported extensively on sensitive information shared to Meta through the pixel, including by education technology providers, crisis mental health hotlines, hospitals, tax preparation companies and student financial aid providers.  

The Markup will continue to follow this case.

We don't only investigate technology. We instigate change.

Your donations power our award-winning reporting and our tools. Together we can do more. Give now.

Donate Now