The main allegation is that Costco lets Meta collect communications related to health care from its website, violating HIPAA and effectively acting as a wiretap of the customer.
The first lawsuit was news earlier in October, and the new one from the 25th appears to be similar. Links to first suit:
It wouldn’t surprise me if no one at Costco realized there was an issue. My guess is Meta (facebook) gives them a widget – code they don’t have to write – that ties into Costco’s website. In exchange, Meta gets to see what poeple are looking at and buying. That’s icky but understandable for stuff like snow tires and bacon, but gets super serious when folks buy, say, antipsychotics or abortion pills. Only your doctor and pharmacist should know you’re getting those meds.
This makes the most sense to me. I’d bet that some code was applied to their whole site, instead of everything except the pharmacy.
Their website isn’t exactly sophisticated, so I wouldn’t be surprised if this was a mistake. It still shouldn’t have happened.