An interesting case, reported by Eric Goldman on his blog, decided (provisionally) by the U.S. District Court for the Eastern District of California, June 9, 2025, No. 1:23-cv-01106-DC-CKD, Jane Doe et al. v. TENET HEALTHCARE CORPORATION, et al.
These facilities collected a large amount of their customers' health data, generated by the customers' interaction with their servers, and passed it on to Meta:
- directly from the customer's PC, in the case of the so-called Pixel;
- from the healthcare facilities' own server, in the case of another application called Conversions Application Programming Interface, "CAPI".
Of the many claims brought, some were allowed to proceed, while others were halted.
These, however, are national rules whose details are of little interest to the Italian practitioner (except those on data protection in the strict sense).
Here it is only worth recalling how tracking via Pixel works, as set out in the decision:
<< Defendants deploy “various digital marketing and automatic software tools” on their Web Properties that disclose information to Meta, Google, and other third parties for “advertising purposes.” (Id. at ¶ 8–9.) Specifically, Defendants have installed source code known as “tracking pixels” on their Web Properties to share user information with third parties. (Id. at ¶¶ 34–35, 55–56, 79, 184, 233.) Meta Pixel (“Pixel”) is among the tracking pixels Defendants have installed on their Web Properties. (Id. at ¶¶ 42–43, 71, 111, 184, 233.) Pixel was developed by Meta as “a new way to report and optimize for conversions, build audiences and get rich insights about how people use [] website[s].” (Id. at ¶ 208.) Pixel enables Defendants to “measure the effectiveness of their advertising by understanding the actions people take on their websites.” (Id.)
Pixel is a “snippet of code embedded on a third-party website that tracks users’ activities as users navigate through a website.” (Id. at ¶ 192.) When a user visits a webpage containing Pixel, the code tracks and logs each page the user visits, what buttons they click, as well as specific information that users input into a website. (Id.) Pixel functions by monitoring for an “event” that triggers the code on Defendants’ Web Properties, including their websites and patient portals. (Id. at ¶¶ 98, 130.) On Defendants’ Web Properties, Pixel is triggered each time a user interacts with new webpages, enters search terms in the search bar, engages with the “Find A Doctor” function, fills out forms, completes assessments, logs into the patient portal, or uses the patient portal. (Id. at ¶¶ 110, 130, 236, 242, 245–248, 273.) When an event occurs, Pixel “send[s] the information it collects to [Meta] through scripts running in a user’s internet browser, similar to how a ‘bug’ or wiretap can capture audio information.” (Id. at ¶¶ 213, 233.) In other words, Pixel redirects the content of the users’ communications to Meta simultaneously in “real time” while the exchange of information between the user and Defendants’ Web Properties is still occurring. (Id. at ¶¶ 232, 239.)
Pixel transmits data to Meta as a “full-string, detailed URL” consisting of information regarding a user’s browsing history, the name of the web page visited, and the search terms that the user used to find the web page. (Id. at ¶¶ 202, 255.) The information Meta receives via Pixel may include “the kinds of treatments that patients research on the hospital’s website, . . . patients’ past and future medical conditions, their past and future medical treatment, [] when and where they are receiving treatment for those conditions,” “the patient’s home address, their name, their search location, as well as their doctor’s specialty, name, and gender.” (Id. at ¶ 83.)
Pixel also sends Meta a user’s PII, including their internet protocol (IP) address, name, email, phone number, cookies, and browsing fingerprint (i.e., information that can be used to identify the specific device). (Id. at ¶¶ 204, 211, 215.) If the user has a Facebook account, Meta also receives the user’s Facebook ID (“FID”). (Id. at ¶¶ 215–217.) “A user’s FID is linked to their Facebook profile, which generally contains a wide range of demographic and other information about the user, including pictures, personal interests, work history, relationship status, and other details.” (Id. at ¶¶ 117, 120.) A user’s PII is sent to Meta in a “data packet” alongside information on the user’s interactions with Defendants’ Web Properties, allowing Meta to “link” a user’s activity on Defendants’ Web Properties to their Facebook profile. (Id. at ¶¶ 82–84, 239, 263.)
In addition to Pixel, Defendants installed and implemented Meta’s Conversions Application Programming Interface (“CAPI”) on their Web Properties’ servers. (Id. at ¶ 58.)
Unlike Pixel, which causes a user’s browser to transmit information directly to Meta, “CAPI tracks the user’s website interaction . . . records and stores that information on the website owner’s servers and then transmits the data to [Meta] from the website owner’s servers.” (Id. at ¶ 59.) CAPI is located on “the website owner’s servers (rather than a bug placed on the website users’ browsers),” meaning website owners can “circumvent any ad blockers or similar technologies.” (Id. at ¶ 61.) CAPI captures information submitted by users to Defendants’ Web Properties, including “the type of medical treatment sought, the individual’s particular health condition and the fact that the individual attempted to or did book a medical appointment.” (Id. at ¶ 64.)
Finally, Defendant Tenet “discloses the same kind of patient data” that it provides to Meta to other third parties involved in internet marketing, including Google, via tracking software installed on its websites. (Id. at ¶ 258.) Namely, Defendants deploy Google tracking tools, such as Google Analytics, Google DoubleClick, and Google AdWords, on “nearly every page of their websites, resulting in the disclosure of communications exchanged with patients to be transmitted to Google.” (Id. at ¶¶ 259, 262.) Transmissions of information to Google “occur simultaneously with patients’ communications” with Defendants’ Web Properties and include data on “specific medical providers, treatments, conditions, appointments, payments, and registrations and logins to Defendants’ patient portal.” (Id. at ¶ 262.) Google also receives a user’s PII, including their IP address, cookies, geolocation, and other identifiers. (Id. at ¶ 259.)>>
I will only note that the violation of the California Privacy Act was found to be plausible, so the related claim was allowed to proceed (see sub C, "California Invasion of Privacy Act (Count 1)", p. 19 ff.).
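
As an added example (not taken from the judgment or from any party's code), the following check shows how a site owner could audit a browser network capture for the disclosure the quoted passage describes: a page's full URL travelling to another host together with identifying cookies. The domain names, parameter names, keyword list and sample requests are all constructed for illustration.

```javascript
// Added example: all hosts, parameter names and requests below are constructed.
const FIRST_PARTY = "hospital.example"; // assumed domain of the site under audit
const SENSITIVE = ["find-a-doctor", "oncology", "appointment", "patient-portal"]; // assumed terms

const SAMPLE_REQUESTS = [ // constructed stand-in for a browser network capture
  { url: "https://hospital.example/find-a-doctor?specialty=oncology", cookies: ["session"] },
  { url: "https://tracker.example/tr?ev=PageView&dl=" + encodeURIComponent(
      "https://hospital.example/find-a-doctor?specialty=oncology&zip=93721"), cookies: ["uid"] },
  { url: "https://cdn.example/lib.js?v=3", cookies: [] },
  { url: "https://analytics.example/collect?dl=" + encodeURIComponent(
      "https://www.hospital.example/patient-portal/login"), cookies: [] },
];

// True when host is the audited domain or one of its subdomains.
function isFirstParty(host) {
  return host === FIRST_PARTY || host.endsWith("." + FIRST_PARTY);
}

// Decode percent-encoding without throwing on malformed input.
const safeDecode = (s) => { try { return decodeURIComponent(s); } catch { return s; } };

// First-party URLs carried inside the query-string values of one request.
function embeddedFirstPartyUrls(requestUrl) {
  const found = [];
  for (const [param, value] of new URL(requestUrl).searchParams) {
    let inner;
    try { inner = new URL(value); } catch { continue; } // value is not a URL
    if (isFirstParty(inner.hostname)) found.push({ param, inner });
  }
  return found;
}

// One finding per first-party URL disclosed to a host outside the audited domain.
function auditRequests(requests) {
  const findings = [];
  for (const req of requests) {
    const dest = new URL(req.url);
    if (isFirstParty(dest.hostname)) continue; // the site talking to itself
    for (const { param, inner } of embeddedFirstPartyUrls(req.url)) {
      const text = safeDecode(inner.pathname + inner.search).toLowerCase();
      findings.push({
        destination: dest.hostname, param, leakedUrl: inner.href,
        sensitiveTerms: SENSITIVE.filter((term) => text.includes(term)),
        sentWithCookies: req.cookies.length > 0, // identifier travels with the URL
      });
    }
  }
  return findings;
}
```

A browser-side audit like this only sees transmissions of the Pixel kind; server-to-server forwarding such as CAPI never appears in the browser's traffic and has to be reviewed on the server's outbound connections.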