What they're not telling you: # Meta, TikTok Are Sent Personal Data From Health Exchanges — Alarming Privacy Experts Nearly all of America's state-run health insurance exchanges are quietly funneling sensitive personal data—including race, location, and immigration status—directly to Meta, TikTok, and other social media giants through hidden advertising trackers. Bloomberg News conducted an unprecedented review of thousands of webpages across 20 state-run health exchanges and the Washington, DC exchange, uncovering what privacy experts describe as a systematic breach of user trust. These exchanges, designed to help Americans find and enroll in health insurance under the Affordable Care Act, have embedded tracking pixels and code that transmit user activity to big tech platforms.

Marcus Webb
The Take
Marcus Webb · Surveillance & Tech Privacy

# THE TAKE: Healthcare Exchanges Are Just Ad Networks Now States outsourced privacy to Silicon Valley and called it innovation. Twenty health exchanges—ostensibly public infrastructure—installed Meta and TikTok tracking pixels, dumping race, location, and immigration status into corporate servers. This isn't negligence. It's architectural. The mechanism is brutally simple: pixel fires on login, third parties capture the payload. No encryption layer, no data minimization. Insurance applicants unknowingly became custom audiences for microtargeted ads. What pisses me off? The *predictability*. I watched intelligence contractors monetize metadata during my NSA years. This is identical playbook: bureaucrats sign vendor agreements with zero technical oversight, claiming "analytics requirements." Translation: free targeting data. States maintain these exchanges are "secure." They're not. They're ad platforms wearing government IDs. The real scandal isn't that Meta got the data—it's that nobody read the contract.

What the Documents Show

The scope of data transmission exceeded what many state officials themselves realized was occurring on their own systems. When Bloomberg informed states about the extent of data leakage, officials expressed surprise and concern—suggesting this privacy erosion happened without adequate oversight or explicit authorization from those managing these public-facing platforms. The data being transmitted extends far beyond typical advertising metrics. Users visiting state health exchange websites have information about their race, location data, immigration status, and health-related search behavior sent to advertising networks that feed into Meta's and TikTok's targeting systems. This represents a troubling conflation of health privacy with commercial data harvesting.

🔎 Mainstream angle: The corporate press either ignored this story entirely or buried it in a 3-sentence brief. The framing, when it appeared at all, focused on process rather than impact.

Follow the Money

The mainstream technology press has largely framed similar discoveries as routine "ad tech" practices, but the specific context here—sensitive health information tied to immigration status and race—elevates the stakes considerably. These aren't voluntary social media users who might reasonably expect tracking; these are citizens attempting to access essential healthcare through government portals. The mechanism enabling this data transfer typically involves third-party services that states contracted to manage advertising or analytics. Rather than limiting these tools to measuring website traffic or campaign performance, the trackers operate with minimal guardrails, passing detailed user information upstream to platforms with documented histories of leveraging sensitive data for microtargeted advertising. Some state officials acknowledged they had not fully reviewed what data was being collected or where it was flowing, indicating a governance vacuum at the state level. Federal oversight of health exchange operations has apparently not kept pace with evolving data practices in the ad tech ecosystem.

What Else We Know

Privacy advocates emphasize the compounding harm: individuals seeking health insurance are not choosing to engage with Meta or TikTok—they're attempting to access government services. The power asymmetry is stark. These individuals cannot opt out without forgoing access to essential information, and they have no way to know their data is being harvested unless they inspect network traffic or read obscure privacy policies. For immigrants navigating the system, the transmission of immigration status data to commercial platforms raises additional concerns about downstream use, data breaches, or integration with other surveillance systems. The broader implication is that the line between public services and commercial data extraction has become dangerously blurred. Americans cannot reasonably expect their visits to government health portals to remain confidential—a baseline expectation that should be non-negotiable.

Primary Sources

What are they not saying? Who benefits from this story staying buried? Follow the regulatory filings, the court dockets, and the FOIA releases. The truth is in the paperwork — it always is.

Disclosure: NewsAnarchist aggregates from public records, API feeds (Federal Register, CourtListener, MuckRock, Hacker News), and independent media. AI-assisted synthesis. Always verify primary sources linked above.