GoodRx Holdings, Inc., $1,500,000
Prescription drug discount platform GoodRx shared users’ prescription medication lists and personal health information with Facebook, Google, and other advertising companies.
Case identifiers
- Respondent
- GoodRx Holdings, Inc.
- Agency
- Federal Trade Commission
- Announced
- 2023-02-01
- Monetary relief
- $1,500,000
- Case number
- FTC File No. 202-3090
- Statutes cited
- FTC Act § 5 · FTC Health Breach Notification Rule
Key facts
- 1
GoodRx shared sensitive health data including prescription medications and conditions via Meta Pixel, Google Analytics, Criteo Audience Match, and Branch.
- 2
Company failed to notify consumers of unauthorized disclosures as required by the Health Breach Notification Rule, the first FTC enforcement of that rule.
- 3
Shared data enabled targeted advertising based on users’ specific medications (e.g., for HIV, mental illness).
- 4
$1.5 million civil penalty plus permanent ban on sharing user health data with third parties for advertising.
What the order requires
Injunctive terms imposed by the Federal Trade Commission. These bind GoodRx Holdings, Inc.'s data practices going forward.
- Permanent ban on sharing user health data with advertising platforms.
- Required deletion of personal information already shared.
- Express affirmative consent required before any future sharing.
Primary sources
Read the original government documents. These are the authoritative records, everything on this page is derived from them.
- Federal Trade Commission press releasehttps://www.ftc.gov/news-events/news/press-releases/2023/02/ftc-enforcement-action-bar-goodrx-sharing-consumers-sensitive-health-info-advertising
Exercise your rights now
Generate a deletion request for $5
The FTC order binds GoodRx Holdings, Inc.'s future practices, but doesn't automatically delete your existing data. State privacy law (CCPA, CPA, TDPSA, VCDPA) gives you that right. OfflistMe generates a compliant deletion email pre-addressed to GoodRx Holdings, Inc.'s registered privacy contact.
Start for $5 →FAQ
What did the FTC charge GoodRx Holdings, Inc. with?+
Prescription drug discount platform GoodRx shared users’ prescription medication lists and personal health information with Facebook, Google, and other advertising companies. The Federal Trade Commission cited FTC Act § 5, FTC Health Breach Notification Rule.
How much did GoodRx Holdings, Inc. pay?+
GoodRx Holdings, Inc. paid $1,500,000 in monetary relief, announced on 2023-02-01. The settlement also imposed injunctive terms (see below).
Does the GoodRx Holdings, Inc. settlement mean my data has been deleted?+
The order requires GoodRx Holdings, Inc. to delete certain categories of consumer data (see injunctive terms). Individual consumers should still exercise state-law deletion rights (CCPA, CPA, TDPSA) to confirm deletion from any remaining successor databases.
How can I read the original FTC order?+
The Federal Trade Commission press release is available at https://www.ftc.gov/news-events/news/press-releases/2023/02/ftc-enforcement-action-bar-goodrx-sharing-consumers-sensitive-health-info-advertising. The case / matter number is FTC File No. 202-3090.