Online pharmacies allegedly share sensitive health data with Google, Meta, TikTok

Online pharmacies and webshops are reportedly sharing sensitive consumer product data with advertising platforms. A joint investigation by Investico and Radar of 20 online pharmacies and webshops—including Etos, Trekpleister, Kruidvat, Flink, DA, and Bol.com—found that all 20 transmit medically sensitive visitor information to Google.

Ten of these retailers, including Etos, Albert Heijn, Jumbo, and Bol.com, also share personal data with Facebook. DA, Flink, and Plein provide data to TikTok, with DA additionally sending email addresses. The information reportedly includes highly private details about purchased or viewed health products, such as self-tests.

This sharing occurs when visitors accept cookies. Those who refuse cookies can prevent data from being sent to Facebook, but 15 of the pharmacies reportedly continue to transmit medically sensitive information to Google even when cookies are declined. Radar notes that visitors are often unaware their interactions with these products are being passed on to external advertising companies.

When contacted for comment by the investigators, several major companies acknowledged mistakes. Flink confirmed the findings, admitted the tracking should not have happened, and said a technical block for sensitive products has now been put in place.

Jumbo also confirmed that medical product data was shared with Google, Facebook, and Pinterest, and reported the issue to the Dutch Data Protection Authority as a precaution.

Bol.com said it has put filters in place to prevent sensitive product interactions from being used in personalized advertising but is reviewing additional measures.

DA, Albert Heijn, and Etos, however, disputed that these purchases qualify as special personal data, arguing that buying a pregnancy test does not automatically indicate anything about a person’s health, as the product could be intended for someone else.