Chemist + Druggist is part of Pharma Intelligence UK Limited

This is operated by Pharma Intelligence UK Limited, a company registered in England and Wales with company number 13787459 whose registered office is 5 Howick Place, London SW1P 1WG. The Pharma Intelligence group is owned by Caerus Topco S.à r.l. and all copyright resides with the group.


This copy is for your personal, non-commercial use. Please do not redistribute without permission.

Printed By

UsernamePublicRestriction

Lloydspharmacy vows to take action after media reports of customer data breach

Lloydspharmacy has launched an investigation following claims in the media that it shared customer data with TikTok and Facebook for targeted advertising, it has confirmed to C+D.

A joint investigation by the Guardian and Radio Sweden into online pharmacy websites found that customer data was being collected on specific symptoms used in search terms and products added to online shopping baskets, the news outlet alleged this weekend (April 15).

Lloydspharmacy was one of hundreds of pharmacies across Europe found to have been using tiny pieces of computer code or “pixels” embedded into checkout pages than can share personal information with the social media companies access, according to the Guardian.

Read more: Stress levels and pay rises in 2022 at Boots, Lloydspharmacy and Well

As well as information about the products being selected, the pixels were in some cases included in the websites' search results, which could give the social networks an insight into customers’ specific symptoms, the newspaper alleged.

These pixels are also able to share personal information such as customers’ names and phone numbers with the social media companies, according to the Guardian.

Lloydspharmacy told C+D yesterday (April 18) that it takes the issues raised by the investigation “very seriously”.

A spokesperson said: “We are currently undertaking an investigation and will take appropriate steps when more details are known.”

 

Scope of media investigation

 

According to the Guardian, one test carried out by journalists saw the pixels “collect exact search terms” entered on Lloydspharmacy’s website as well as the products added to the customer’s basket, which the paper said included Viagra, thrush cream and a chlamydia test.

Monitoring network traffic made it “possible to see those terms being sent to the social media companies”, the news outlet reported.

“In the checkout process, both the Facebook and TikTok tracking pixels collected the email address of the user. [Lloydspharmacy] also sent Facebook the user’s first and last name, while it sent TikTok their phone number,” the Guardian claimed.

Read more: Revealed: Almost 50 data breaches involving pharmacies in 16 months

The journalists who carried the investigation claimed that “explicit consent” for sharing the data had not been given at any point and that “there was no option to turn off the transmission in the cookie disclosure”.

The investigation found that over 200 online pharmacies across Europe carried the advertising pixels from Facebook, TikTok or both on their websites, the Guardian said.

But it claimed that a closer look at the largest pharmacies revealed only Lloydspharmacy was “sending sensitive medical information, as well as personally identifiable data, to TikTok specifically”.

The newspaper also alleged that the TikTok pixel was completely removed from Lloydspharmacy’s website “shortly after” the multiple was contacted for comment.

Meanwhile, the Facebook pixel was “updated to only operate after the user accepts cookies”, it claimed.

But in a comment to the Guardian, Lloydspharmacy said that the change was not due to the inquiry but a result of “the transition of its IT systems to the Hallo Healthcare Group” earlier this month.

 

Sensitive data should not be collected

 

TikTok told C+D that pixels should not be used to send the social media giant “sensitive data, including personal health information”, which it said would constitute a breach of its terms.

TikTok “continuously” works with companies to stop the “inadvertent transmission of such data”, a spokesperson said.

Read more: What you need to know about new patient data safety recommendations

They commented: “Like other platforms, the TikTok pixel is used by advertisers to measure the effectiveness of their ads, show ads to users who have visited their website, and help optimise campaigns based on specific signals that advertisers have chosen to send to us.” 

Meta, the company behind Facebook, said that if a business sends potentially sensitive data, which may in some case happen in error, the platform’s filtering mechanism is designed toremove it before it is stored in advertising systems.

A spokesperson for Meta said: “Advertisers should not send sensitive information about people through our business tools.

“Doing so is against our policies and we educate advertisers on properly setting up business tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect.”

Related Content

Topics

         
Pharmacist
Oxford
£32 per hour

Apply Now
Latest News & Analysis
See All
UsernamePublicRestriction

Register

CD136944

Ask The Analyst

Please Note: You can also Click below Link for Ask the Analyst
Ask The Analyst

Thank you for submitting your question. We will respond to you within 2 business days. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts

Cancel