Apoteket sent sensitive customer data to Facebook

How much of our personal data the various tech giants actually have – and what they use it for – is always an engaging topic. But that state-owned Apoteket would pass on our medical information based on the purchase history in the company’s e-commerce to Meta-owned Facebook, there were probably not many who reflected on.

Still, that’s exactly what happened, a review reveals Swedish Radio Ekot. At least if you visited the webshop without opting out of marketing cookies and then bought over-the-counter medicines. Then a unique ID number has been created based on specific information sent in batches from Apoteket to Facebook. What was purchased, cost, e-mail address and mobile number are among the data sent on.

When Ekot contacted Apoteket with the information, the data transfer to Facebook was immediately shut down. The pharmacy also reported itself to the Privacy Protection Authority, IMY, and states that between half and one million Swedes may have had their personal information sent to Facebook. Whether or how this data is then used in any way is currently unknown.

According to Apoteket, the purpose was to follow up the company’s own advertising on Facebook. A pharmaceutical inspector that Ekot has been in contact with points out that such sensitive information can hardly be shared when you buy from physical pharmacies. The pharmacy will initiate an internal review of the process that has taken place.

This is not the first time a Swedish company has been caught with dubious data transfers to the social media platform; including Folksam and Länsförsäkringar have previously been in the hot air for similar procedures.