What is the TikTok Pregnancy Data Scandal?
A shocking investigation has revealed that major online pharmacies and supermarkets in the Netherlands are sharing sensitive medical data with tech giants including TikTok, Google, Meta, and Pinterest, sometimes combined with personal identification information. The investigation by Investico, Radar, and De Groene Amsterdammer found that when customers add items like pregnancy tests to their shopping carts—even without completing purchases—their sensitive health data is being transmitted to advertising platforms. This means that data privacy regulations are being systematically violated, with TikTok potentially learning about a woman's pregnancy before her own partner.
Investigation Findings: How Your Health Data is Being Shared
The joint investigation examined 20 major online retailers including Etos, Trekpleister, Kruidvat, Flink, DA, and Bol.com. All 20 retailers were found to transmit medically sensitive visitor information to Google, while 10 also shared data with Facebook (Meta), and DA, Flink, and Plein provided information to TikTok. The shared data includes highly private details about purchased or viewed health products like self-tests, even when visitors decline cookies.
Which Companies Are Involved?
The investigation identified multiple Dutch retailers sharing sensitive health data:
- All 20 retailers transmitted data to Google
- 10 retailers shared data with Facebook/Meta
- 3 retailers (DA, Flink, Plein) shared data with TikTok
- Several companies acknowledged mistakes after being confronted
- Flink implemented technical blocks to prevent further data sharing
- Jumbo reported the issue to the Dutch Data Protection Authority
Political Response: VVD Lawmaker Demands Action
VVD parliament member Queeny Rajkowski is preparing parliamentary questions to address the investigation's findings. 'That your data is shared the moment you drag a pregnancy test into your shopping cart and maybe don't even order it, that just can't be,' Rajkowski stated. 'Then, in a manner of speaking, TikTok and the Chinese government know you're pregnant before your partner. That simply cannot be. And sometimes in combination with your name and address. It simply doesn't concern people whether you order such a test.'
Rajkowski emphasized that while websites are allowed to share consumer data when cookies are accepted, different rules apply to privacy-sensitive data. 'We have very consciously agreed together that there are different types of personal data. Some things are so sensitive and vulnerable and therefore private that we simply have stricter rules for them.'
Regulatory Framework: What GDPR Says About Sensitive Data
The General Data Protection Regulation (GDPR) specifically classifies health data as 'special category data' requiring enhanced protection. Under Article 9 of the GDPR, processing of health data is generally prohibited unless specific conditions are met, such as explicit consent or necessity for healthcare purposes. European data protection law clearly distinguishes between regular personal data and sensitive health information, with the latter receiving much stronger protections.
How Companies Are Violating GDPR
Several key violations have been identified:
- Sharing health data without explicit consent
- Transmitting data even when users decline cookies
- Combining health data with personal identifiers
- Failing to implement adequate technical safeguards
- Not conducting proper data protection impact assessments
Broader Implications: Global Health Data Privacy Concerns
This Dutch investigation follows similar findings in the United States, where The Markup and CalMatters discovered that four state-run health insurance exchange websites were sharing sensitive personal health data with Big Tech companies. Nevada's exchange sent prescription drug names and dosages to LinkedIn and Snapchat, while Massachusetts' exchange told LinkedIn when visitors indicated they were pregnant, blind, or disabled.
The global pattern suggests systemic issues in how health data is protected online. 'What is not allowed on the street should also not be possible online,' Rajkowski emphasized, questioning whether regulators like the Dutch Authority for Consumers and Markets (ACM) and European supervisors are aware of the investigation's outcomes.
What Consumers Can Do to Protect Their Health Data
While regulatory action is needed, consumers can take several steps to protect their sensitive health information:
- Use privacy-focused browsers with enhanced tracking protection
- Consider purchasing sensitive health products in physical stores
- Review and adjust privacy settings on all online accounts
- Use virtual private networks (VPNs) when shopping online
- Regularly clear cookies and browsing data
- Be cautious about what health information you search for online
FAQ: TikTok Pregnancy Data Privacy Scandal
What data is being shared with TikTok?
Online pharmacies are sharing information about pregnancy tests and other sensitive health products that users view or add to their shopping carts, sometimes combined with personal identification data.
Is this legal under GDPR?
No, sharing sensitive health data without explicit consent violates the GDPR, which classifies health information as 'special category data' requiring enhanced protection.
Which companies are involved?
The investigation identified 20 Dutch retailers including Etos, Trekpleister, Kruidvat, Flink, DA, and Bol.com, with DA, Flink, and Plein specifically sharing data with TikTok.
What should I do if my data was shared?
You can file a complaint with the Dutch Data Protection Authority and consider using privacy tools to prevent future data sharing. Several companies have already implemented technical fixes after being confronted.
Will there be fines for these violations?
Under GDPR, companies can face fines of up to €20 million or 4% of global annual turnover, whichever is higher, for serious violations involving sensitive health data.
Sources
NL Times: Online Pharmacies Share Sensitive Health Data
The Markup: States Sharing Health Data with Big Tech
ClassAction.org: Health Data Privacy Investigations
Original BNR investigation by Investico, Radar, and De Groene Amsterdammer