Class Action Says Blue Cross Blue Shield Shares Federal Employees’ Data with TikTok, Others

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action claims Blue Cross Blue Shield (BCBS) Association secretly transmits federal employees’ private medical data to TikTok, Facebook and other third parties without consent through its website, FEPBlue.org.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 67-page lawsuit says that despite serious national security and privacy concerns with regard to TikTok, BCBS, which provides health insurance to more than 5.5 million federal workers and retirees at every level of the U.S. government, has “inexplicably” embedded invisible tracking tools from the social media company and other third parties into its website. According to the suit, the web-tracking technologies used on FEPBlue.org secretly capture and record federal employees’ online communications and activities in real time as they interact with the pages.

In the past few years, a number of federal agencies have taken steps to prevent the unauthorized disclosure of sensitive government data to TikTok, the case explains, citing fears that the social media giant’s China-based parent company is “controlled by or would be forced to share information with the Chinese government.”

“Given widespread concerns in recent years over TikTok’s aggressive data-collection practices and the company’s close ties to China, TikTok has been banned on official government devices for Members of the U.S. House of Representatives, executive branch employees, and federal contractors,” the complaint shares.

State and local governments nationwide have instituted similar TikTok bans on official devices, and national security authorities have likewise warned about the social media company’s bold data-tracking behavior, the filing adds.

In spite of the foregoing, FEPBlue.org utilizes a TikTok pixel—a piece of back-end code that “acts much like a traditional wiretap”—to intercept and share federal employees’ private medical data with the video platform, the lawsuit alleges.

Per the case, government workers can use FEPBlue.org to find doctors, research treatments or conditions, review insurance plans under the Federal Employee Program (FEP) and communicate with their insurer. However, unbeknownst to visitors, the website’s TikTok pixel collects and records user information such as IP addresses, device and browser details, pages visited, buttons clicked, search queries and the contents of any communications exchanged, the suit claims.

Importantly, the defendant shares enough data with TikTok to link a website visitor to their online communications and interactions, even if they do not have an account with the platform, the complaint asserts.

According to the filing, the use of a TikTok pixel on FEPBlue.org is a “flagrant breach” of BCBS’s duty to protect federal workers’ private medical data, and a clear violation of state and federal privacy statutes.

“While the U.S. government has taken steps to protect against the risks of TikTok’s collection of federal employees’ personal data, [the defendant] has secretly left the back door wide open, allowing TikTok to gather sensitive medical information related to employees’ specific symptoms and conditions,” the lawsuit charges. “In doing so, [BCBS] subjected federal employees to the loss of their sensitive medical data and to the risk of blackmail and extortion by a foreign power.”

In addition to a TikTok pixel, at least three other tracking tools are utilized by FEPBlue.org to capture and record federal workers’ personal information, including Facebook’s Meta pixel, Google Analytics and the LinkedIn Insight Tag, the suit alleges.

As the case tells it, though the unauthorized disclosures to Facebook, Google and LinkedIn do not raise questions about potential national security risks, they are nevertheless “blatant” breaches of government employees’ privacy rights under state and federal law.

The lawsuit looks to represent anyone in the United States who participates in the Federal Employees Health Benefits program and whose private information was disclosed to a third party through FEPBlue.org without consent at any time since November 2021.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.